Sun Security Blog
28 Feb 2006
Sun Alert 102192 Integer Overflow Vulnerability in Perl May Lead to Application Crash or Code Execution
Product: Solaris 10 Operating System

An unprivileged local user may be able to cause a Perl application to crash or possibly execute arbitrary code with the privileges of the Perl application due to an integer overflow in the Perl_sv_vcatpvfn() function. Being able to crash a Perl application is a type of Denial of Service (DoS). If the Perl application accepts input from remote users then the impact can be extended to include remote unprivileged users.

This issue is referenced in the following document: CVE-2005-3962 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3962

Avoidance: Patch
State: Resolved
First released: 28-Feb-2006
Product: Solaris 9 Operating System, Solaris 10 Operating System, Solaris 8 Operating System

A security vulnerability in the Solaris file system driver for hsfs(7FS) file systems may allow local unprivileged users the ability to panic the system, creating a Denial of Service (DoS) condition, and/or execute arbitrary code with elevated privileges.

Avoidance: Patch, Workaround
State: Resolved
First released: 24-Feb-2006
Product: Solaris 10 Operating System

An unprivileged local user may be able to execute arbitrary commands with elevated privileges on Kerberos systems due to a security vulnerability in the in.rexecd(1M) daemon.

Avoidance: Patch, Workaround
State: Resolved
First released: 14-Feb-2006
Product: Solaris 9 Operating System, Solaris 10 Operating System, Solaris 8 Operating System

A security vulnerability in the Xsun(1) and Xorg(1) X servers may allow a local unprivileged user the ability to execute arbitrary code with the privileges of the Xsun(1) or Xorg(1) X server due to an integer overflow in the X Pixmap (Xpm) format image file creation routines. This issue is described in the following document:

Avoidance: Patch
State: Resolved
First released: 15-Sep-2005
Product: Java 2 Platform, Standard Edition

A vulnerability in Java Web Start may allow an untrusted application to elevate its privileges. For example, an application may grant itself permissions to read and write local files that are accessible to the user running the Java Web Start application.

Sun acknowledges, with thanks, Peter Csepely, for bringing this issue to our attention.

Avoidance: Upgrade
State: Resolved
First released: 07-Feb-2006
07 Feb 2006
Sun Alert 102171 Security Vulnerabilities in the Java Runtime Environment may Allow an Untrusted Applet to Elevate its Privileges
Product: Java 2 Platform, Standard Edition

Seven (7) vulnerabilities with the use of "reflection" APIs in the Java Runtime Environment may independently allow an untrusted applet to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.

Sun acknowledges, with thanks, Adam Gowdiak, for bringing five of the seven issues to our attention.

Avoidance: Upgrade
State: Resolved
First released: 07-Feb-2006