Sun Security Blog
29 Jul 2009
Sun Alert 252787 A Security Vulnerability in Solaris Kerberos Credential Management May Lead to Unauthorized Access of Kerberized NFS Mount Points
Product: Solaris 8 Operating System, Solaris 9 Operating System, Solaris 10 Operating System, OpenSolaris
A security vulnerability in the Solaris Kerberos (see kerberos(5)) credential cache management may allow a local unprivileged user to access Kerberized mount points without authorization.
Sun acknowledges, with thanks, Anton Lundin for bringing this issue to our attention.
State: Resolved
First released: 03-Jun-2009
29 Jul 2009
Sun Alert 259148 Security Vulnerability in the Solaris Simple Authentication and Security Layer (SASL) Library (see libsasl(3LIB)) Routine sasl_encode64(3SASL) may Allow Unprivileged Users to Crash Applications Using this Function
Product: Solaris 10 Operating System, OpenSolaris
A buffer overflow security vulnerability in the Solaris Simple Authentication and Security Layer (SASL) library (see libsasl(3LIB)) routine sasl_encode64(3SASL) may allow local or remote unprivileged users to crash applications which use this function.
CVE CVE-2009-0688 at:
State: Resolved
First released: 14-May-2009
29 Jul 2009
Sun Alert 264308 Multiple Security Vulnerabilities in Firefox Versions Prior to 3.5b4 May Allow Execution of Arbitrary Code or Access to Unauthorized Data
Product: OpenSolaris
Multiple security vulnerabilities with varying impacts affect Firefox (see firefox(1)) versions prior to 3.5b4 as shipped with OpenSolaris. These vulnerabilities may allow an unprivileged remote user to execute arbitrary code on the system where Firefox is being run, cause a Denial of Service (DoS) crash to the Firefox application, gain unauthorized access to sensitive data, execute arbitrary scripting code within a user's browsing session via Cross-Site Scripting (XSS) exploits to read or modify data from other web sites, obtain sensitive data from the user or information stored in cookies, or to perform Cross-Site Request Forgery (CSRF) attacks.
Additional vulnerabilities may allow a remote user to mislead a Firefox user into incorrectly trusting a site by providing a URL in the location bar which may appear to be another URL, or to bypass various security policies that are active in the browser to perform unauthorized activities such as reading local files or initiating network connections.
The following URL provides additional details about the vulnerabilities addressed in Firefox versions prior to 3.5b4.
http://www.mozilla.org/security/known-vulnerabilities/firefox30.html
The Mozilla advisories that describe the vulnerabilities are as follows: MFSA2009-20, MFSA2009-21, MFSA2009-22, MFSA2009-25, MFSA2009-27, MFSA2009-28, MFSA2009-29, MFSA2009-30, MFSA2009-31, MFSA2009-32, MFSA2009-36
The CVE identifiers that pertain to this security issue are as follows: CVE-2009-1194, CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305, CVE-2009-1306, CVE-2009-1307, CVE-2009-1308, CVE-2009-1309, CVE-2009-1310, CVE-2009-1311, CVE-2009-1312, CVE-2009-1834, CVE-2009-1836, CVE-2009-1837, CVE-2009-1838, CVE-2009-1839, CVE-2009-1840, CVE-2009-1841, CVE-2009-2468
State: Resolved
First released: 29-Jul-2009
29 Jul 2009
Sun Alert 264808 Security Vulnerability in Solaris Trusted Extensions Involving the Parsing of Labeled Packets May Result in Denial of Service (DoS)
Product: Solaris 10 Operating System, OpenSolaris
State: Resolved
First released: 29-Jul-2009