Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
|
|
|
|
|
|
|
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
|
|
|
|
Become a Partner and License Our Database or Notification Service
|
|
|
|
|
|
|
|
|
|
|
|
|
Solaris Lets Remote Users Gain Full Control and Local Users Access and Modify Data and Deny Service
|
|
SecurityTracker Alert ID: 1026211 |
|
SecurityTracker URL: http://securitytracker.com/id/1026211
|
|
CVE Reference:
CVE-2011-2286, CVE-2011-2292, CVE-2011-2304, CVE-2011-2311, CVE-2011-2312, CVE-2011-2313, CVE-2011-3508, CVE-2011-3515, CVE-2011-3534, CVE-2011-3535, CVE-2011-3536, CVE-2011-3537, CVE-2011-3539, CVE-2011-3542, CVE-2011-3543
(Links to External Site)
|
Date: Oct 18 2011
|
Impact:
Denial of service via local system, Denial of service via network, Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information, User access via local system, User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 8, 9, 10, 11, Express
|
Description:
Multiple vulnerabilities were reported in Solaris. A remote user can gain full control of the target system. A remote or local user can cause denial of service conditions. A local user can partially access or modify data on the target system.
The ZFS [CVE-2011-2286, CVE-2011-2311, CVE-2011-2312, CVE-2011-2313], xscreensaver [CVE-2011-2292], Network Services Library (libnsl(3LIB)) [CVE-2011-2304], User Administration [CVE-2011-2310], LDAP library [CVE-2011-3508], Process File System [CVE-2011-3515], Network Status Monitor (statd(1M)) [CVE-2011-3534], Remote Quota Server (rquotad(1M)) [CVE-2011-3535], DTrace Software Library (libdtrace(3LIB)) [CVE-2011-3536], Kernel/Filesystem [CVE-2011-3537], Zones [CVE-2011-3539], Kernel/Performance Counter BackEnd Module (pcbe) [CVE-2011-3542], and iSCSI DataMover(IDM) [CVE-2011-3543] components are affected.
The following researchers reported these and other Oracle vulnerabilities:
Esteban Martinez Fayo of Application Security, Inc.; Guy Karlebach of Imperva, Inc.; Joonas Kuorilehto and Juho Juopperi; Martin Rakhmanov of Application Security, Inc.; Michael Schmidt of Compass Security; Moritz Jodeit; Ofer Maor formerly of Hacktics; Pavel Polischouk of TELUS Security Labs; Recx ApexSec; and Steven Seeley of Corelan Team.
|
Impact:
A remote user can gain full control of the target system.
A remote or local user can cause denial of service conditions.
A local user can partially access or modify data on the target system.
|
Solution:
The vendor has issued a fix, described in their October 2011 Critical Patch Update advisory.
The vendor's advisory is available at:
http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html
|
Vendor URL: www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html (Links to External Site)
|
Cause:
Not specified
|
Underlying OS:
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 18 Oct 2011 23:44:00 +0000
Subject: Oracle Sun Solaris
|
http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html
CVE-2011-2286 Solaris
CVE-2011-2292 Solaris
CVE-2011-2304 Solaris
CVE-2011-2311 Solaris
CVE-2011-2312 Solaris
CVE-2011-2313 Solaris
CVE-2011-3508 Solaris
CVE-2011-3515 Solaris
CVE-2011-3534 Solaris
CVE-2011-3535 Solaris
CVE-2011-3536 Solaris
CVE-2011-3537 Solaris
CVE-2011-3539 Solaris
CVE-2011-3542 Solaris
CVE-2011-3543 Solaris
|
|
Go to the Top of This SecurityTracker Archive Page
|
