Product: Sun Fire X2100 M2 Server, Sun Fire X2200 M2 Server

A security vulnerability in the X2100 and X2200 M2 Embedded Lights Out Manager (ELOM) software may allow remote unprivileged users the ability to initiate unauthorized network traffic from the embedded service processor (SP). This may allow the SP to be used as a proxy to send unsolicited bulk e-mail (spam).

Avoidance: Upgrade, Workaround
State: Resolved
First released: 28-Sep-2007

Product: Mozilla v1.7, Solaris 9 Operating System, Solaris 10 Operating System, Solaris 8 Operating System

The Layout Engine in the Mozilla 1.7 application (see mozilla(1)) contains multiple memory corruption vulnerabilities which may allow a remote user who is able to create a web page which is visited by a local user using the Mozilla browser, or who sends a specially crafted email that is read by a local user using Mozilla, to either cause the Mozilla application to crash or execute arbitrary code with the privileges of the user running Mozilla. The ability of a remote user to cause the Mozilla application to crash is a type of Denial of Service (DoS).

The following Mozilla advisory describes 30 separate issues. Of these issues, 20 affect the Layout engine and are listed under CVE-2007-2867, and 10 affect the JavaScript engine and are listed under CVE-2007-2868:

This Sun Alert corresponds to the 20 Layout engine issues described in the Mozilla advisory under CVE-2007-2867.

Additional references:

Avoidance: Workaround
State: Workaround
First released: 30-Oct-2007

Product: Sun Fire X2100 M2 Server, Sun Fire X2200 M2 Server

A security vulnerability in the X2100 M2 and X2200 M2 Embedded Lights Out Manager (ELOM) software may allow remote unprivileged users the ability to execute arbitrary commands with root privileges on the embedded Service Processor (SP).

Avoidance: Upgrade, Workaround
State: Resolved
First released: 29-Oct-2007

Product: Solaris 10 Operating System

A security vulnerability in the Solaris 10 Internet Protocol (ip(7P)) may allow a local unprivileged user the ability to cause a system panic, thereby causing a Denial of Service (DoS) to the system as a whole.

Avoidance: Patch
State: Resolved
First released: 29-Oct-2007

Product: Solaris 10 Operating System

A security vulnerability in Solaris 10 SCTP INIT processing (see sctp(7P)) may allow a privileged remote user to panic the system, resulting in a Denial of Service (DoS).

Avoidance: Patch
State: Resolved
First released: 26-Oct-2007

Product: Sun Java System Application Server Standard Edition 8.2, Sun Java System Application Server Enterprise Edition 8.2, Sun Java System Application Server Platform Edition 9.0 Update 1, Sun Java System Application Server PE 9, Sun Java System Web Server 7.0

Certain releases of Sun Java System Application Server and Sun Java System Web Server (listed in "Contributing Factors") do not securely process XSLT stylesheets contained in XSLT Transforms in XML Signatures. This could allow malicious XSLT stylesheets to be executed which may, for example, allow execution of an arbitrary Java method.

Sun acknowledges, with thanks, Brad Hill of iSEC Partners, for bringing this issue to our attention.

Avoidance: Patch
State: Resolved
First released: 10-Jul-2007

Product: Sun Java System Application Server Platform Edition 8.1 2005Q1, Sun Java System Application Server Enterprise Edition 8.2, Sun Java System Application Server Enterprise Edition 8.1 2005Q1, SJS Application Server PE 8.2

A security vulnerability in various releases of Sun Java System Application Server may allow source code exposure of JSPs on the Windows platform. This would allow unauthorized remote users the ability to view critical source code.

Avoidance: Patch
State: Resolved
First released: 24-Jul-2007

Product: Solaris 9 Operating System, Solaris 10 Operating System, SAMBA

Multiple security vulnerabilities in the Samba (samba(7)) software for Solaris may allow a local or remote user to issue unauthorized Samba operations or to execute arbitrary code or commands with elevated privileges. In addition, it may be possible for a remote authenticated user to cause the Samba service to consume excessive amounts of CPU and memory, resulting in a Denial of Service (DoS) to the system.

These issues are described in the following documents:

CVE-2007-2444 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2444 

CVE-2007-2446 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2446

CVE-2007-2447 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2447

CVE-2007-0452 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0452

Avoidance: Patch, Workaround
State: Resolved
First released: 14-Jun-2007

Product: Java 2 Platform, Standard Edition

A buffer overflow vulnerability in the image parsing code in the Java Runtime Environment may allow an untrusted applet or application to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.

A second vulnerability may allow an untrusted applet or application to cause the Java Virtual Machine to hang.

Sun acknowledges, with thanks, Chris Evans of the Google Security Team, for bringing these issues to our attention.

These issues are also referenced in the following documents:

CVE-2007-2788 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2788

CVE-2007-2789 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2789

Avoidance: Patch, Upgrade
State: Resolved
First released: 31-May-2007

Product: Java 2 Platform, Standard Edition

A vulnerability in the Java Runtime Environment (JRE) with applet caching may allow an untrusted applet that is downloaded from a malicious website to make network connections to network services on machines other than the one that the applet was downloaded from. This may allow network resources (such as web pages) and vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited.

Sun acknowledges, with thanks, Billy Rios for bringing this issue to our attention.

This issue has been reported at:

http://conference.hitb.org/hitbsecconf2007kl/?page_id=148

Avoidance: Patch, Upgrade, Workaround
State: Workaround
First released: 03-Oct-2007

Product: Java 2 Platform, Standard Edition

A vulnerability in the Virtual Machine of the Java Runtime Environment may allow an untrusted applet to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.

Sun acknowledges, with thanks, Azul Systems, Inc., for bringing this issue to our attention.

Avoidance: Patch, Upgrade
State: Resolved
First released: 22-Oct-2007

Product: Mozilla v1.7

A remote code execution vulnerability in Mozilla 1.7 may allow a remote user who has created a web page visited by a local user using Mozilla, or who has sent a specially crafted e-mail read by a local user using Mozilla, to execute arbitrary JavaScript commands with the privileges of that user.

This vulnerability is described in the following Mozilla advisory:

http://www.mozilla.org/security/announce/2006/mfsa2006-67.html

This issue is also described in the following documents:

CVE-2006-5463 at http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5463

CERT VU#714496 at http://www.kb.cert.org/vuls/id/714496

CERT Technical Cyber Security Alert TA06-312A at http://www.us-cert.gov/cas/techalerts/TA06-312A.html

Avoidance: Patch
State: Resolved
First released: 24-Jul-2007

Product: Java 2 Platform, Standard Edition

A vulnerability in the Java Runtime Environment may allow an untrusted Java Web Start application or Java applet to move or copy arbitrary files on the system that the application or applet runs on, by requesting the user of the application or applet to drag a file from the application or applet window to a desktop application that has permissions to accept and write files on the system. To exploit this vulnerability, the application or applet has to successfully persuade the user to drag and drop the file.

Avoidance: Patch, Upgrade, Workaround
State: Resolved
First released: 03-Oct-2007

Product: Java 2 Platform, Standard Edition

When an untrusted applet or application displays a window, the Java Runtime Environment includes a warning banner inside the window to indicate that the applet or application is untrusted. A defect in the Java Runtime Environment may allow an untrusted applet or application that is downloaded from a malicious website to display a window that exceeds the size of a user's screen so that the warning banner is not visible to the user.

Sun acknowledges, with thanks, Giorgio Maone from InformAction for bringing this issue to our attention.

Avoidance: Patch, Upgrade
State: Resolved
First released: 03-Oct-2007

Product: Mozilla v1.7

The Layout Engine in the Mozilla 1.7 application (see mozilla(1)) contains multiple memory corruption vulnerabilities which may allow a remote user who is able to create a web page which is visited by a local user using the Mozilla browser, or who sends a specially crafted email that is read by a local user using Mozilla, to either cause the Mozilla application to crash or execute arbitrary code with the privileges of the user running Mozilla. The ability of a remote user to cause the Mozilla application to crash is a type of Denial of Service (DoS).

The following Mozilla advisory describes four separate memory corruption issues:

http://www.mozilla.org/security/announce/2006/mfsa2006-65.html

This Sun Alert corresponds to two of the issues described in the Mozilla advisory above:

https://bugzilla.mozilla.org/show_bug.cgi?id=307809

https://bugzilla.mozilla.org/show_bug.cgi?id=351328

Also note that Mozilla 1.7 is not affected by the following two vulnerabilities mentioned in the advisory:

https://bugzilla.mozilla.org/show_bug.cgi?id=310267

https://bugzilla.mozilla.org/show_bug.cgi?id=350370

Additional references that describe these issues can be found in the following documents:

CVE-2006-5464 at http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5464

CERT VU#495288 at http://www.kb.cert.org/vuls/id/495288

CERT Security Alert TA06-312A at http://www.us-cert.gov/cas/techalerts/TA06-312A.html

Avoidance: Workaround
State: Workaround
First released: 22-Oct-2007