Sun Security Blog
Security
|
Product: Solaris 9 Operating System Solaris 10 Operating System Solaris 8 Operating System Third-party applications which utilize GSS-API and thus link to the Generic Security Services library libgss(3LIB), may allow an unauthenticated user (local or remote depending on the application) the ability to execute arbitrary code with the privileges of the application. Note: Exploitation of this vulnerability is believed to be difficult. No exploit code is known to exist at this time. This issue is referenced in the following documents: MITKRB5-SA-2006-003 - MIT krb5 Security Advisory 2006-003 at http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2006-003-mechglue.txt CVE-2006-6144 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-6144 CERT VU#831452 at http://www.kb.cert.org/vuls/id/831452 State: Resolved First released: 14-May-2009
Permalink
|
Comments [3]
Trackback URL: http://blogs.sun.com/security/entry/sun_alert_102772_third_party
Post a Comment: |
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Hi Sun Security Coordination Team,
It is checked that the sshd come with Solaris 10 is linked with /usr/lib/libgss.so.1. So, does that mean all Solaris 10 system's are affected?
Thanks & Regards
Paul
Posted by Paul Liong on May 25, 2009 at 11:58 PM PDT #
Sun Alert 102772:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102772-1
states the following in the 'Contributing Factors' section:
"3. No applications shipped by Sun, including kadmind(1M), are affected by
this issue."
So the version of sshd(1M) supplied with Solaris 10 is not impacted by this
issue.
Posted by Brent Paulson on May 26, 2009 at 03:55 AM PDT #
Hi Brent Paulson,
Sorry. I have missed this note. Thanks a lot.
Regards
Paul
Posted by Paul Liong on May 26, 2009 at 06:34 PM PDT #