Sun Security Blog

24 Jun 2006
Sun Alert 102479 Cross-Site Scripting Vulnerability in Sun ONE and Sun Java System Application Server
Product: Sun Java System Application Server Standard Edition 7 2004Q2, Sun ONE Application Server 7, Standard Edition, Sun Java System Application Server Enterprise Edition 8.1 2005Q1

A Cross-Site Scripting (CSS or XSS) vulnerability in the Sun ONE and Sun Java System Application Server may allow an unprivileged remote user to steal cookie information, hijack sessions, or cause a loss of data privacy between a client and the server.

Avoidance: Patch, Upgrade
State: Resolved
First released: 23-Jun-2006
Product: Solaris 10 Operating System, Sun Java Desktop System Release 2, Mozilla 1.4 for Solaris

Multiple security vulnerabilities in certain versions of Mozilla (listed below) may result in one or more of the following issues:

1. A buffer overflow exists that may allow a remote unprivileged user the ability to execute arbitrary code with the privileges of a local user when that local user has loaded an X Bitmap (XBM) format image file or an ICO (Icon Image) image file supplied by an untrusted user or website. [Sun CR 6281360] This issue is described in the following documents:

2. A security vulnerability may allow a malicious website to crash the Mozilla browser when the user drags an image across multiple windows. [Sun CR 6282190] This issue is described in the following document:

3. A security vulnerability may allow a malicious website to inject content into a frame. This is known as the "frame injection vulnerability". [Sun CR 6282170] This issue is described in the following documents:

4. A security vulnerability may allow a malicious website to hang the Mozilla web browser, creating a Denial of Service (DoS), by providing a table with large rowspans or colspans. [Sun CR 6284465] This issue is described in the following document:

Avoidance: Patch, Workaround, Upgrade
State: Resolved
First released: 14-Oct-2005
08 Jun 2006
Sun Alert 102321 Incomplete Authentication and Authorization in Sun Grid Engine 5.3 and N1 Grid Engine 6.0 Certificate Security Protocol (CSP) Mode
Product: Sun N1 Grid Engine 6, Sun Grid Engine 5.3

A security vulnerability in Sun Grid Engine 5.3 and Sun N1 Grid Engine 6.0 may allow a local unprivileged user the ability to shut down the grid service, or use the grid service even if access was denied.

Avoidance: Patch, Upgrade
State: Resolved
First released: 07-Jun-2006
Product: Storage Automated Diagnostic Environment 2.4

A local unprivileged user may be able to execute arbitrary code with the privileges of another user (including root), due to incorrect file and directory permissions in one of the package components of the Sun Storage Automated Diagnostic Environment (StorADE) Software.

Avoidance: Patch, Workaround
State: Resolved
First released: 02-Jun-2006
Product: Solaris 9 Operating System, Solaris 10 Operating System, Solaris 7 Operating System, Solaris 8 Operating System

On platforms supporting simultaneous multi-threading (Hyper-Threading technology), local unprivileged users might be able to deduce potentially secret data from another executing thread, using cache eviction analysis techniques. This issue is described in "Cache Missing for Fun and Profit" by Colin Percival, at http://www.daemonology.net/papers/htt.pdf. This issue is referenced by CERT vulnerability note VU#911878 at http://www.kb.cert.org/vuls/id/911878 and CAN-2005-0109 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0109.

Avoidance: Workaround
State: Resolved
First released: 01-Jun-2005