Sun Security Blog
31 Jan 2006
Sun Alert 102149 Security Vulnerability in x64 Kernel Processing may Cause a System Panic
Product: Solaris 10 Operating System
A security vulnerability in Solaris 10 x64 kernel processing may allow a local unprivileged user the ability to cause a system panic, creating a Denial of Service (DoS) condition.
Avoidance: Patch, Workaround
State: Resolved
First released: 31-Jan-2006
30 Jan 2006
Sun Alert 102148 Security Vulnerabilities in Sun StorEdge Enterprise Backup Software (EBS)
Product: Sun StorEdge Enterprise Backup Software 7.2, Sun StorEdge Enterprise Backup Software 7.0, Solstice Backup 6.0, Solstice Backup 6.1, Sun StorEdge Enterprise Backup Software 7.1
There are three vulnerabilities in Sun StorEdge Enterprise Backup Software (EBS), which affect both the client and server applications. Two of the vulnerabilities could permit a local or remote unauthorized user to gain access to a host system and execute arbitrary code. One may allow a local or remote unauthenticated user to cause a system crash on the server, which would lead to a Denial of Service (DoS) condition.
Note: To date there are no reported incidences of this issue having occurred in a "live" (public) environment.
These issues are referenced in the following iDEFENSE (http://www.idefense.com) documents:
IDEF1237 "...Networker nsrd.exe DoS Vulnerability" at http://www.idefense.com/intelligence/vulnerabilities/display.php?id=375
IDEF1238 "...Networker nsrexecd.exe Heap Overflow Vulnerability" at http://www.idefense.com/intelligence/vulnerabilities/display.php?id=374
IDEF1239 "...Networker nsrd.exe Heap Overflow Vulnerability" at http://www.idefense.com/intelligence/vulnerabilities/display.php?id=373
and also:
CAN-2005-3658 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3658
CAN-2005-3659 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3659
Avoidance: Patch
State: Resolved
First released: 25-Jan-2006
13 Jan 2006
Sun Alert 102033 Vulnerabilities in lpsched(1M) May Allow an Unprivileged User to Remove System Files or Disable the LP Service
Product: Solaris 9 Operating System, Solaris 10 Operating System, Solaris 8 Operating System
Security vulnerabilities in lpsched(1M) may allow a local unprivileged user the ability to delete any file or disable the LP print service on a system configured as a print server.
Sun acknowledges, with thanks, Hiroshi Nakano of Ryukoku University for bringing these issues to our attention.
Avoidance: Patch
State: Resolved
First released: 13-Jan-2006
11 Jan 2006
Sun Alert 102066 Security Vulnerability May Allow An Unprivileged Local User to Gain Root Access or Panic the OS
Product: Solaris 9 Operating System, Solaris 10 Operating System
On Solaris 10 x86 systems, or on Solaris 9 x86 systems with patch 112234-11 or 112234-12 or patch 117172-16 (or later) installed, a local unprivileged user may have the ability to gain root access or panic the Solaris operating system.
Avoidance: Patch
State: Resolved
First released: 11-Jan-2006
11 Jan 2006
Sun Alert 102108 Security Vulnerability Using find(1) to Search "/proc" May Cause a Denial of Service (DoS) Condition
Product: Solaris 10 Operating System
A local unprivileged user running find(1) against the "/proc" filesystem may panic the system, creating a Denial of Service (DoS) condition.
Avoidance: Patch
State: Resolved
First released: 11-Jan-2006
Product: Solaris 9 Operating System, Solaris 8 Operating System
Security vulnerabilities in the uucp(1C) and uustat(1C) utilities may allow local unprivileged users the ability to execute arbitrary commands with the privileges of the "uucp" user (user ID 5 by default).
The uustat(1C) issue is also referenced here:
Sun acknowledges, with thanks, iDefense Labs and Angelo Rosiello (http://www.rosiello.org/) for bringing the uustat(1C) issue to our attention.
Avoidance: Patch, Workaround
State: Resolved
First released: 09-Jan-2006