Product: Sun Java System Web Server 7.0, Sun Java System Web Proxy Server 4.0, Sun Java System Web Server 6.1, Sun Java System Web Proxy Server 3.6

A Cross-site Scripting (XSS) vulnerability affecting Sun Java System Web Server and Sun Java System Web Proxy Server may, under certain conditions, allow a remote user to gain unauthorized access to data through the execution of injected scripts.

Sun acknowledges with thanks Daiki Fukumori of Secure Sky Technology and JPCERT/CC for bringing these issues to our attention.

Avoidance: Patch, Upgrade
State: Resolved
First released: 21-Dec-2007

Product: Sun Management Center 3.6.1, Sun Management Center 3.6, Sun Management Center 3.5 Update 1

A default account vulnerability in the Oracle database component of Sun Management Center (Sun MC) server software may allow remote unprivileged users to gain unauthorized access to the database or to execute arbitrary code with the privileges of the Oracle database server. The database server runs as the unprivileged user "smcorau".

Avoidance: Patch
State: Resolved
First released: 18-Dec-2007

Product: Solaris 10 Operating System

Multiple security vulnerabilities exist within the plugins used by the Gnome Image manipulation and paint program, gimp(1).

These security vulnerabilities, which are within the sunras, psd, and pcx plugins of gimp(1), may allow a remote unprivileged user to crash gimp(1) and execute arbitrary code with the privileges of a local user when gimp(1) loads a carefully crafted Sun Raster image file, PSD image file, or PCX image file.

These issues are described in the following documents:

Avoidance: Patch, Workaround
State: Workaround
First released: 17-Dec-2007

Product: Solaris 9 Operating System

Solaris 9 systems with Solaris Auditing (see bsmconv(1M)) enabled and with the sshd(1M) patches installed as listed in section 2 below will contain audit records with an incorrect audit ID. In addition, incomplete audit classes may be selected for users logging in via ssh(1).

Avoidance: Patch
State: Resolved
First released: 18-Dec-2007

Product: Solaris 10 Operating System

Three security vulnerabilities in the Adobe Flash Player product shipped with Solaris 10 may allow remote users who create applications that are viewed with the Flash Player to perform unauthorized actions on the host. These actions may include executing arbitrary code with the privileges of the user running the Flash Player, generating unauthorized HTTP requests from the affected host, or, depending on the browser used with the Flash Player, gaining unauthorized access to information entered on the affected host by logging keystrokes.

These issues are described in the following documents:

  APSB07-12 at http://www.adobe.com/support/security/bulletins/apsb07-12.html

  CVE-2007-3456 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3456

  CVE-2007-3457 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3457

  CVE-2007-2022 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2022

  CERT Technical Cyber Security Alert TA07-192A at http://www.us-cert.gov/cas/techalerts/TA07-192A.html

Avoidance: Patch
State: Resolved
First released: 11-Dec-2007

Product: StarOffice 8 Software

A security vulnerability in HSQLDB (the default database engine shipped with StarOffice 8) may allow a remote unprivileged user who provides a StarOffice database document, which is then opened by a local user, to execute arbitrary Java code on the system with the privileges of the user running StarOffice/StarSuite 8.

This issue is also described in the following document:

CVE-2007-4575 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4575

Avoidance: Patch
State: Resolved
First released: 07-Dec-2007

Product: Sun SPARC Enterprise M9000 Server, Sun SPARC Enterprise M8000 Server, Sun SPARC Enterprise M4000 Server, Sun SPARC Enterprise M5000 Server

Security vulnerabilities in telnet(1), Secure Shell (SSH), and httpd in the Sun SPARC Enterprise M4000/M5000/M8000/M9000 XSCF Control Package (XCP) firmware versions prior to 1050 may allow a remote unprivileged user to cause a Denial of Service (DoS).

Avoidance: Patch
State: Resolved
First released: 04-Dec-2007

Product: Solaris 10 Operating System

Two security vulnerabilities in the OpenSSL product (see openssl(5)) shipped with Solaris 10 may affect applications that make use of this product. Depending on the individual application, the first issue may allow a local or remote unprivileged user to execute arbitrary code with the privileges of the user running the application.

The second issue may allow a remote user who controls a server to which an application connects to crash that application, causing a Denial of Service (DoS) condition.

These issues are also referenced in the following documents:

http://www.openssl.org/news/secadv_20060928.txt

CVE-2006-3738 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738

CVE-2006-4343 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

Sun wishes to acknowledge with thanks Tavis Ormandy and Will Drewry (Google Security Team) for bringing these issues to our attention.

Avoidance: Patch
State: Resolved
First released: 09-Nov-2006