Security vulnerabilities in the Solaris IP(7P) module and STREAMS Framework may allow an unprivileged local user to leak kernel memory, eventually causing the system to hang. This is a type of Denial of Service (DoS).

Permalink | Comments [0]

A  security vulnerability in the the OSCAR protocol plugin library, the shared library that adds support for various instant messaging networks to the pidgin(1) Instant Messaging client (previously known as Gaim), may allow remote unprivileged users to cause a Denial of Service (DoS) through an application crash via crafted contact-list data for (1) ICQ and possibly (2) AIM.

This issue is also referenced in the following document:

CVE-2009-3615 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3615

Permalink | Comments [0]

The web interface of the Common Unix Printing System (CUPS) in versions 1.4.1 and earlier is impacted by multiple security vulnerabilities which may lead to Cross-Site Scripting (XSS) and HTTP Response Splitting Attacks. These vulnerabilities could allow an unprivileged local or remote user (depending on the CUPS configuration), to inject malicious client-side scripts or HTML into the CUPS web interface page.

These issues are also described in the following document:

Permalink | Comments [0]

Multiple security vulnerabilities in libpng(3), which is shipped with Solaris, may allow a local or remote unprivileged user to disclose potentially sensitive information associated with applications linked to libpng(3), when a user has loaded a specially crafted Portable Network Graphics (PNG) format image file (.png) supplied by an untrusted user.

These issues are also described in the following document:

    CVE-2009-2042 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2042

Permalink | Comments [0]

A security vulnerability in Solaris TCP sockets may allow local unprivileged users to leak kernel memory, thereby causing a Denial of Service (DoS) condition.
Permalink | Comments [0]

A security vulnerability in the TLS protocol (TLS 1.0 or later and SSLv3) may allow an unauthenticated, remote attacker to conduct man-in-the-middle (MITM) type of attacks where chosen plain text may be injected as a prefix in an user's TLS session. This vulnerability does not allow one to decrypt the intercepted network communication.

This issue is referenced in CVE-2009-3555

Exact nature of the impact depends on the application making use of the TLS facility. Applications which use Network Security Services (NSS), Java Secure Socket Extensions (JSSE), OpenSSL or GnuTLS libraries may be affected.

Sun is evaluating the impact of the issue on various products which make use of the TLS libraries. We are working to fix the TLS implementations according to the TLS protocol standard extensions currently being developed.

Solaris Kernel SSL proxy module KSSL does not support client renegotiation or rehandshake. It ignores the rehandshake message which is an allowed behavior by the SSL/TLS specification. Hence it is not vulnerable to this issue. KSSL (see ksslcfg(1M)) is available in Solaris 10 and OpenSolaris. It may be used to workaround the described issue.

tags: gnutls jsse nss openssl security tls vulnerability

Permalink |

Two security vulnerabilities exist in the Apache 2 mod_perl2(3) module
components which affect the Apache 2.0 web server bundled with Solaris
10 and the Apache 2.2 web server bundled with OpenSolaris.

The first issue, a Denial of Service (DoS) vulnerability in the "RunPerl.pm"
component (CVE-2007-1349), may allow a remote unprivileged user to
cause a Denial of Service to the Apache 2 "httpd" process.

The second issue, a Cross Site Scripting (CSS or XSS) vulnerability in the
"Status.pm" component (CVE-2009-0796), may allow a remote unprivileged
user to inject arbitrary web script or HTML. This may allow the unprivileged
user to bypass access control and gain access to unauthorized data.

Additional information regarding these issues is available at:

CVE-2007-1349 at:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1349

CVE-2009-0796 at:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0796




Permalink |

A remote unprivileged user may be able to crash an application which dynamically links to the Portable Network Graphics library (libpng(3)) due to a security vulnerability in libpng(3). The ability to crash an application is a type of Denial of Service (DoS). A number of applications which comprise the GNOME desktop environment dynamically link with libpng(3).

This issue is described in the following documents:

• CERT VU# 684664 at: https://www.kb.cert.org/vuls/id/684664
• CVE-2007-2445 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2445

Permalink |

A security vulnerability in SCTP (Stream Control Transmission Protocol (see sctp(7P))) and SDP (Sockets Direct Protocol driver (see sdp(7D))) sockets may allow local unprivileged users to leak kernel memory, thereby causing a Denial of Service (DoS) condition.
Permalink |

The Java Runtime Environment (JRE) Java Update mechanism running on non-English versions of the Windows operating system does not update the JRE when a new version is available.

Sun acknowledges with thanks, Tomasz "Tometzky" Ostrowski for bringing this issue to our attention.

Permalink |

Two vulnerabilities in the Java Runtime Environment with decoding DER encoded data and parsing HTTP headers may separately allow a remote client to cause the JRE on the server to run out of memory, resulting in a DoS (Denial of Service) condition.

Sun acknowledges with thanks, BFK edv-consulting GmbH, for bringing the first issue to our attention.

Permalink |

A security vulnerability in the Java Runtime Environment with verifying HMAC digests may allow authentication to be bypassed. This could allow a user to forge a digital signature that would be accepted as valid. Applications that validate HMAC-based digital signatures may be vulnerable to this type of attack.

Note: This vulnerability cannot be exploited by an untrusted applet or Java Web Start application.

Sun acknowledges, with thanks, Coda Hale for bringing this issue to our attention.

Permalink |

A command execution vulnerability in the Java Runtime Environment Deployment Toolkit may be leveraged to execute arbitrary code. This may occur as the result of a user of the Java Runtime Environment viewing a specially crafted web page that exploits this vulnerability.

Sun acknowledges with thanks, an anonymous researcher working with iDefense for bringing this issue to our attention.

Permalink |

Multiple buffer and integer overflow vulnerabilities in the Java Runtime Environment with processing audio and image files may allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.

Sun acknowledges with thanks, the following researchers for bringing these issues to our attention:

CR 6854303: An anonymous researcher, working with the Zero Day Initiative (http://www.zerodayinitiative.com) and TippingPoint (http://www.tippingpoint.com).

CR 6862970: An anonymous researcher working with the iDefense VCP (http://labs.idefense.com/vcp/).

CR 6872357 and CR 6872358: Peter Vreugdenhil, working with the Zero Day Initiative (http://www.zerodayinitiative.com) and TippingPoint (http://www.tippingpoint.com).

CR 6872358, CR 6862969 and CR 6862968: regenrecht working with iDefense VCP (http://labs.idefense.com/vcp/).

CR 6874643: regenrecht working with Zero Day Initiative (http://www.zerodayinitiative.com) and TippingPoint (http://www.tippingpoint.com).

Permalink |

Permalink |