Product: Sun Secure Global Desktop Software 4.2

Two cross-site scripting (XSS) vulnerabilities in the Sun Secure Global Desktop (SSGD) software may allow a local or remote unprivileged user to execute arbitrary script commands in another user's context, potentially allowing an unprivileged remote user to steal cookie information, hijack sessions, or cause a loss of data privacy between a client and the server.

Sun acknowledges, with thanks, Marc Ruef of scip AG for bringing this issue to our attention.

Avoidance: Upgrade
State: Resolved
First released: 29-Sep-2006

Product: Solaris 9 Operating System, Solaris 10 Operating System, Solaris 8 Operating System

On Solaris 8, 9 and 10 systems utilizing an IPv6 address, a remote unprivileged user may be able to panic the system, causing a Denial of Service (DoS) condition.

Avoidance: Patch
State: Resolved
First released: 28-Sep-2006

Product: Solaris 10 Operating System

A security vulnerability in the Solaris 10 kernel SSL feature may allow a remote unprivileged user acting as an SSL client to panic the system, creating a Denial of Service (DoS) condition.

Avoidance: Patch, Workaround
State: Resolved
First released: 26-Sep-2006

Product: Solaris 10 Operating System for x86 Platforms

Solaris 10 x64 systems configured to use Internet Protocol Version 6 (ip6(7P)) may panic when processing certain IPv6 packets. A local or remote unprivileged user may be able to send IPv6 packets that could panic the system, causing a Denial of Service (DoS).

Avoidance: Patch, Workaround
State: Resolved
First released: 25-Sep-2006

Product: Solaris 9 Operating System, Solaris 10 Operating System, Solaris 8 Operating System

A security vulnerability may allow a local unprivileged user to disable the syslog(3c) function, resulting in the failure of messages to be written to the system log. Disabling of system logging constitutes a Denial of Service (DoS).

Avoidance: Patch
State: Resolved
First released: 25-Sep-2006

Product: Solaris 9 Operating System, Solaris 10 Operating System, Solaris 8 Operating System

A buffer overflow vulnerability in libX11 may allow local unprivileged users to execute arbitrary code or commands with elevated privileges. The code or commands executed would run with the privileges of the application dynamically linked to the libX11 library. A number of programs shipped in Solaris and by third parties dynamically link with the libX11 library and run with elevated privileges.

Sun acknowledges, with thanks, RISE Security for bringing this issue to our attention.

This issue is also referenced in: http://www.risesecurity.org/advisory/RISE-2006001.txt

Avoidance: Patch, Workaround
State: Resolved
First released: 07-Sep-2006