Product: Sun ONE Application Server 7, Standard Edition, Sun Java System Web Server 6.0 Service Pack 8

A local or remote unprivileged user may be able to cause the Sun Java System Web Server or the Sun ONE Application Server to exit unexpectedly due to a security vulnerability in Network Security Services (NSS). The ability to disable a Sun Java System Web Server or a Sun ONE Application Server is a type of Denial of Service (DoS).

Additional information about Network Security Services (NSS) is available at:

Avoidance: Upgrade
State: Resolved
First released: 31-Oct-2006

Product: iPlanet Messaging Server 5.2 Patch 1, Sun Java System Messaging Server 6.0

A security vulnerability in the iPlanet Messaging Server and Sun Java System Messaging Server may allow a local unprivileged user to read some data from any file on the system.

This issue is also described in CVE-2006-3159: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3159

Avoidance: Patch, Workaround
State: Resolved
First released: 30-Jun-2006

Product: Sun Java System Messaging Server 6.0, iPlanet Messaging Server 5.2

A security vulnerability in Sun Java System or iPlanet Messaging Servers may allow remote unprivileged users to craft specific messages containing JavaScript that is executed in the end user's browser.

Sun acknowledges, with thanks, Seth Hall of Ohio State University, for bringing this issue to our attention.

Avoidance: Patch
State: Resolved
First released: 24-Oct-2006

Product: Solaris 9 Operating System, Solaris 10 Operating System

An integer overflow security issue in the Samba(7) smbd(1m) daemon may allow a local or remote authenticated user to execute arbitrary commands with the privileges of Super User (typically root) on a Solaris 9 or Solaris 10 system running as a Samba(7) server.

More information on this issue is available at:

Avoidance: Patch, Workaround
State: Resolved
First released: 24-Jan-2005

Product: Solaris 9 Operating System, Solaris 8 Operating System

Sun Ray servers running Solaris 8 or Solaris 9 with patches 113240-07, 113240-08, 109354-21, or 109354-22 installed may fail to lock the screen when a Smartcard is removed and reinserted more than 90 seconds later. Removing and reinserting the Smartcard a second time may cause the lockscreen session to hang.

Note: Patches 113240-07, 113240-08, 109354-21, and 109354-22 have been WITHDRAWN and are no longer available on SunSolve.

Avoidance: Patch, Workaround
State: Resolved
First released: 09-Apr-2004

Product: Solaris 9 Operating System, Solaris 10 Operating System

A security vulnerability in Samba's "ms_fnmatch()" function may allow a remote unprivileged user to cause a Denial of Service (DoS) through excessive CPU consumption via a Samba request that contains multiple wildcard characters.

This issue is referenced in the following document:

Avoidance: Patch, Workaround
State: Resolved
First released: 23-Jun-2005

Product: Solaris 10 Operating System

Solaris 10 systems may panic in the tcp_fuse_rcv_drain() TCP/IP function when using TCP loopback connections, where both ends of the connection are on the same system. This may allow a local unprivileged user to cause a Denial of Service (DoS) condition on the affected host.

Avoidance: Patch, Workaround
State: Resolved
First released: 17-Oct-2006

Product: Solaris 10 Operating System

A security vulnerability in the Netscape Portable Runtime (NSPR) API may allow a local unprivileged user to overwrite or create any file on the system, which could lead to privilege escalation or a Denial of Service (DoS).

Additional information regarding this issue is available at:

Sun acknowledges, with thanks, iDefense (http://www.idefense.com) for bringing this issue to our attention.

iDefense credits an anonymous researcher working with the iDefense Vulnerability Contributor Program for the discovery of this issue.

Avoidance: Patch
State: Resolved
First released: 11-Oct-2006

Product: Solaris 10 Operating System

A security vulnerability resulting from incorrect and insufficient permission checks in the default Solaris 10 configuration may allow a local unprivileged user to create a raw socket on a Solaris link aggregation, resulting in unrestricted access to network packets.

Avoidance: Patch
State: Resolved
First released: 06-Oct-2006