A vulnerability in the OpenSSL (see openssl(5)) toolkit may allow active protocol-version rollback attacks, where an attacker acting as a "man in the middle" can force a client and a server to negotiate the SSL 2.0 protocol even if these parties both support SSL 3.0 or TLS 1.0. The SSL 2.0 protocol is known to have severe cryptographic weaknesses and is supported as a fallback only.

This issue is described in the following OpenSSL Advisory: http://www.openssl.org/news/secadv_20051011.txt

and referenced in CAN-2005-2969 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2969

A vulnerability with the Java Management Extensions (JMX) implementation included with the Java Runtime Environment (JRE) may allow an untrusted applet to elevate its privileges. For example an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.

Sun acknowledges, with thanks, Adam Gowdiak, for bringing this issue to our attention.

A vulnerability in the Java Runtime Environment may allow an untrusted applet to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.

Sun acknowledges, with thanks, Adam Gowdiak, for bringing this issue to our attention.

Three (3) security vulnerabilities with the use of "reflection" APIs in the Java Runtime Environment (JRE) may (independently) allow an untrusted applet to elevate its privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.

Sun acknowledges, with thanks, Adam Gowdiak, for bringing these issues to our attention.

A Security vulnerability affecting Java GUI applications "jnbSA" and "jbpSA" within Symantec/VERITAS NetBackup may allow a remote unprivileged user the ability to execute arbitrary code with elevated privileges on a targeted system.

This issue is also described in VERITAS support document 279085:

• http://support.veritas.com/docs/279085

A security vulnerability in the libexif JPEG image processing library may allow a remote unprivileged user who provides a carefully crafted JPEG image the ability to execute arbitrary code with the privileges of a local user who opens that image. Furthermore, a remote user may be able to create a Denial of Service (DOS) attack by using a carefully crafted JPEG image.

This issue may occur with applications linked against the libexif library, including (but not limited to), the Eye of Gnome (eog) application, which is distributed as part of the Java Desktop System.

Note: Most digital cameras produce EXIF files, which are Joint Photographic Experts Group (JPEG) files with extra tags that contain information about the image. The EXIF library allows you to parse an EXIF file and read the data from those tags.

This issue is described in the following documents:

• http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0664
• http://www.novell.com/linux/security/advisories/2005_11_sr.html

Multiple security vulnerabilities in the traceroute(1M) utility may allow an unauthorized local user the ability to execute arbitrary code with elevated privileges. The traceroute(1M) utility in Solaris 10 is privilege aware and thus the only additional privilege available is PRIV_NET_RAWACCESS (see privileges(5)). This limits the impact by only allowing access to the network layer.

These issues are described in the following document:

• http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2071

A security vulnerability in the Sun ONE and Sun Java System Directory Server's HTTP administrative interface may allow a local or remote unprivileged user the ability to kill the admin server or execute arbitrary commands on the system with the privileges of the admin server process. The admin server process normally runs as the privileged "root" user. The ability to kill the admin server is a type of Denial of Service.

This issue is described in NGSSoftware SecurityTracker Alert ID 1015014 at:

• http://securitytracker.com/alerts/2005/Oct/1015014.html

Sun acknowledges, with thanks, Peter Winter-Smith of NGSSoftware, for bringing this issue to our attention.

An unprivileged remote user may be able to cause a Denial of Service (DoS) of the Domain Name System (DNS) by causing in.named(1M) to make unnecessary queries to root servers for address records.

Applications, systems and devices relying on the Domain Name System may then fail.

A security vulnerability in the Sun Java Communications Express software may allow a local or remote unprivileged user the ability to read the Communications Express application configuration files which contain sensitive information.