Product: OpenSolaris

An insecure default configuration security vulnerability exists in the way the Kerberos client utility (kclient(1M)) and the CIFS configuration utility (smbadm(1M)) join a Windows Active Directory domain.

State: Resolved
First released: 26-Jan-2010

Product: Sun Java System Web Server 6.1, Sun Java System Web Server 7.0, Sun Java System Web Proxy Server 4.0, Sun Java System Application Server Enterprise Edition 8.2, Sun GlassFish Enterprise Server v2.1

A security vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer 3.0 (SSLv3) protocols in the handling of
session renegotiations affects Network Security Services (NSS) libraries bundled with the following products:
 
- Sun Java System Web Server
- Sun Java System Web Proxy Server
- Sun Java System Application Server
- Sun GlassFish Enterprise Server

Systems running these server applications are susceptible to a man-in-the-middle attack whereby a remote unauthenticated user with the ability to intercept and control network traffic may send an unauthenticated request at the beginning of an HTTPS session that is processed retroactively by the server. The vulnerability does not allow one to decrypt the HTTPS responses or requests in the session.

This issue is referenced in the following document:


Sun acknowledges with thanks, Marsh Ray and Steve Dispensa of PhoneFactor for bringing this issue to our attention.

Please also see SunAlert 273350 that describes this issue in NSS libraries provided with Solaris and Sun Java System Enterprise System 5.

State: Workaround
First released: 07-Jan-2010

Product: Solaris 9, Solaris 10, OpenSolaris

A security vulnerability in the BIND DNS software shipped with Solaris may allow a remote user who is able to perform recursive queries to cause a server that is configured to support DNSSEC validation and recursive client queries to return incorrect addresses for Internet hosts, thereby redirecting end users to unintended hosts or services.

This issue is also mentioned in the following documents:

State: Workaround
First released: 24-Nov-2009

Product: Solaris 9, Solaris 10, OpenSolaris

Multiple security vulnerabilities have been identified in BIND DNSSEC bundled with Solaris:

1. An authentication security vulnerability in named(1M) may allow a remote unprivileged user to cause named(1M) to return incorrect addresses for Internet hosts, thereby redirecting end users to unintended hosts or services.

This issue is also referenced in the following documents:


2. A vulnerability in the way named(1M) handles recursive client queries may allow a remote unprivileged user to cause named(1M) to return NXDOMAIN (Non-Existent Domain) for Internet hosts, thus causing a Denial of Service (DoS) for those hosts to end users.

This issue is also referenced in the following documents:


State: Workaround
First released: 21-Jan-2010

Product: Solaris 8, Solaris 9, Solaris 10, OpenSolaris

Multiple integer overflow vulnerabilities in the FreeType 2 Font Library
(libfreetype) may affect applications that make use of this library. Depending
on the application, this vulnerability may allow a local or remote unprivileged
user to crash the application through a specially crafted font file, resulting in
a Denial of Service (DoS) or to execute arbitrary code with the privileges of
the user running that application.

These issues are also described in the following document CVE-2009-0946 at :

State: Preliminary
First released: 26-Oct-2009

Product: Sun Directory Server Enterprise Edition, Sun Java System Directory Server Enterprise Edition 6.3, Sun Java System Directory Server Enterprise Edition 6.2, Sun Java System Directory Server Enterprise Edition 6.1, Sun Java System Directory Server Enterprise Edition 6.0, Sun Java System Directory Server 5.2

A security vulnerability in the Sun Java System Directory Server (ns-slapd and slapd.exe) may allow a remote unprivileged user to crash the Directory Server process via crafted LDAP search requests, thereby leading to a Denial of Service (DoS) condition.

State: Preliminary
First released: 20-Jan-2010

Product: Solaris 10, OpenSolaris

An integer overflow security vulnerability in the Solaris Kerberos (see kerberos(5)) crypto library
may allow an unprivileged local or remote user to cause one of the Kerberos daemons to crash, or,
under extraordinarily unlikely conditions, execute arbitrary code with elevated privileges by inducing
the decryption of an invalid AES or RC4 ciphertext. If a master or slave Key Distribution Center (KDC)
is compromised then all services relying on that KDC for authentication may be compromised as well.

This issue is also referenced in:

MIT krb5 Security Advisory 2009-004
http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2009-004.txt

CVE-2009-4212
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4212




State: Workaround
First released: 12-Jan-2010

Product: Solaris 10, OpenSolaris

Multiple security vulnerabilities have been identified in the PostgreSQL software shipped with Solaris. These vulnerabilities may allow a remote authenticated user with certain privileges to gain extra privileges via a table with a crafted index function. Further vulnerabilities may allow man-in-the-middle attacks on SSL-based PostgreSQL servers by substituting malicious SSL certificates for trusted ones.

These issues are described in the following documents:

Official PostgreSQL announcement at http://www.postgresql.org/about/news.1170

State: Resolved
First released: 24-Dec-2009

Product: Solaris 8, Solaris 9, Solaris 10, OpenSolaris

Multiple security vulnerabilities exist in the Solaris TCP (see tcp(7P)) implementation due to the lack of resource control mechanisms. These issues may allow a remote privileged user with real IP addresses or subnet to easily cause certain network services on the affected system to become unresponsive, which is a type of Denial of Service (DoS). The extent of the impact depends on the network application.

These issues are also referenced in the following documents:

CERT-FI Advisory on the Outpost24 TCP Issues [FICORA #193744] at https://www.cert.fi/haavoittuvuudet/2008/tcp-vulnerabilities.html

CVE-2008-4609 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4609

US-CERT VU#723308 at http://www.kb.cert.org/vuls/id/723308

Sun acknowledges with thanks, Jack C. Louis and Robert E. Lee of Outpost24, and CERT-FI for bringing these issues to our attention.

State: Workaround
First released: 09-Sep-2009

Product: Solaris 8, Solaris 9, Solaris 10, OpenSolaris

A security vulnerability in the NTP daemon (xntpd(1M)) associated with the handling
of NTP mode 7 (MODE_PRIVATE) may lead to consumption of CPU and excessive
logging, resulting in a denial of the Solaris Network Time Protocol (NTP) service.

This issue is also described in the following documents:

CVE-2009-3563 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3563
US-CERT Vulnerability Note VU#568372 at http://www.kb.cert.org/vuls/id/568372



State: Workaround
First released: 13-Jan-2010

Product: Solaris 10, OpenSolaris

A security vulnerability in the OSCAR protocol plugin library, the shared library that adds support for various instant messaging networks to the pidgin(1) Instant Messaging client (previously known as Gaim), may allow remote unprivileged users to cause a Denial of Service (DoS) through an application crash via crafted contact-list data for (1) ICQ and possibly (2) AIM.

This issue is also referenced in the following document:

CVE-2009-3615 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3615

State: Resolved
First released: 10-Nov-2009

Product: Sun Identity Manager 8.1

A security vulnerability in the Sun Java System Identity Manager may allow a local or remote unprivileged user to gain unauthorized access with all administrator privileges when Identity Manager is configured with Sun Java System Access Manager, OpenSSO Enterprise 8.0 or IBM Tivoli Access Manager.

State: Resolved
First released: 11-Jan-2010

Product: Solaris 10, OpenSolaris

An integer overflow vulnerability in the GNU Image Manipulation Program
(GIMP(1)) may allow a local or remote unprivileged user to crash gimp
via a carefully crafted Bitmap (bmp) image file, resulting in a Denial
of Service (DoS) or to execute arbitrary code with the privileges of a
local user using gimp application.

This issue is also described in the following document:
CVE-2009-1570 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1570



State: Resolved
First released: 15-Dec-2009

Product: Solaris 10

A security vulnerability in Solaris Trusted Extensions due to libraries which were not delivered with the Trusted Extensions may allow a local privileged user to run arbitrary code with elevated privileges.

State: Resolved
First released: 11-Jan-2010

Product: Solaris 10, OpenSolaris

Multiple buffer and integer overflow vulnerabilities in Python (see python(1)) may allow a local or remote unprivileged user to execute arbitrary code with the privileges of the Python application or crash a Python application, resulting in a Denial of Service (DoS).

These issues are also referenced in the following documents:


State: Resolved
First released: 03-Dec-2009