Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
|
|
|
|
|
|
|
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
|
|
|
|
Become a Partner and License Our Database or Notification Service
|
|
|
|
|
|
|
|
|
|
|
|
|
Solaris Multiple Flaws Let Remote Users Gain Full Control and Local Users Partially Access and Modify Data and Deny Service
|
|
SecurityTracker Alert ID: 1024975 |
|
SecurityTracker URL: http://securitytracker.com/id/1024975
|
|
CVE Reference:
CVE-2010-2632, CVE-2010-3586, CVE-2010-4415, CVE-2010-4433, CVE-2010-4435, CVE-2010-4440, CVE-2010-4442, CVE-2010-4443, CVE-2010-4446, CVE-2010-4457, CVE-2010-4458, CVE-2010-4459, CVE-2010-4460
(Links to External Site)
|
Date: Jan 18 2011
|
Impact:
Denial of service via local system, Denial of service via network, Disclosure of user information, Modification of user information, Root access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 8, 9, 10, 11 Express
|
Description:
Multiple vulnerabilities were reported in Solaris. A remote user can gain full control of the target system. A local user can cause denial of service conditions. A local user can partially access and modify data on the target system.
The FTP Server [CVE-2010-2632], XScreenSaver [CVE-2010-3586], libc [CVE-2010-4415], Ethernet Driver [CVE-2010-4433], CDE Calendar Manager Service Daemon [CVE-2010-4435], Kernel [CVE-2010-4440, CVE-2010-4442, CVE-2010-4443, CVE-2010-4446, CVE-2010-4459], CIFS [CVE-2010-4457], ZFS [CVE-2010-4458], and Fault Manager Daemon [CVE-2010-4460] components are affected.
The following researchers reported these and other Oracle vulnerabilities:
Alexander Kornbrust of Red Database Security; Alexandr Polyakov of Digital Security; Alexey Sintsov of Digital Security Research Group; Andrea Micalizzi aka rgod, working with TippingPoint's Zero Day Initiative; Andrey Labunets of Digital Security Research Group; Cris Neckar of Neohapsis, Inc.; Daniel Fahlgren; Esteban Martinez Fayo of Application Security, Inc.; Evdokimov Dmitriy of Digital Security Research Group; Karan Saberwal; Laszlo Toth; Maksymilian Arciemowicz of SecurityReason; Martin Rakhmanov of Application Security, Inc.; Matt Parcell of Accuvant; Monarch2020 of unsecurityresearch.com; Robert Clugston of Accuvant; Roberto Suggi Liverani of Security-Assessment.com; Rodrigo Rubira Branco (BSDaemon) via TippingPoint's Zero Day Initiative; and Sumit Siddharth from 7safe.
|
Impact:
A remote user can gain full control of the target system.
A local user can cause denial of service conditions.
A local user can partially access and modify data on the target system.
|
Solution:
The vendor has issued a fix, described in their January 2011 Critical Patch Update advisory.
The Oracle advisory is available at:
http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html
|
Vendor URL: www.oracle.com/technetwork/topics/security/cpujan2011-194091.html (Links to External Site)
|
Cause:
Not specified
|
Underlying OS:
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
|
|
[Original Message Not Available for Viewing]
|
|
Go to the Top of This SecurityTracker Archive Page
|
