SecurityTracker.com
Category:   OS (UNIX)  >   Solaris
Vendors:   Oracle, Sun
Oracle Solaris Multiple Flaws Let Remote and Local Users Partially Access Data, Modify Data, and Deny Service and Remote Authenticated or Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1031583
SecurityTracker URL:  http://securitytracker.com/id/1031583
CVE Reference:   CVE-2003-0001, CVE-2014-4259, CVE-2014-6480, CVE-2014-6481, CVE-2014-6509, CVE-2014-6510, CVE-2014-6518, CVE-2014-6521, CVE-2014-6524, CVE-2014-6570, CVE-2014-6575, CVE-2014-6600, CVE-2015-0375, CVE-2015-0378, CVE-2015-0397, CVE-2015-0428, CVE-2015-0429, CVE-2015-0430
Date:  Jan 20 2015
Impact:   Denial of service via local system, Denial of service via network, Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information, User access via local system, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 10, 11
Description:   Multiple vulnerabilities were reported in Oracle Solaris. A remote authenticated or local user can obtain elevated privileges on the target system. A remote user can partially access data and cause partial denial of service conditions. A local user can cause denial of service conditions. A remote or local user can partially access and modify data on the target system.

A remote authenticated user can exploit a flaw in the Solaris Cluster System management component to gain elevated privileges [CVE-2014-4259].

A local user can exploit a flaw in the Solaris CDE - Power Management Utility component to gain elevated privileges [CVE-2014-6521].

A local user can exploit a flaw in the Solaris kernel to gain elevated privileges [CVE-2014-6524].

A local user can exploit a flaw in the Solaris Power Management Utility to gain elevated privileges [CVE-2014-6510].

A local user can exploit a flaw in the Solaris Unix File System (UFS) component to modify data and cause denial of service conditions [CVE-2014-6518].

A local user can exploit a flaw in the Solaris Cluster System management component to gain elevated privileges [CVE-2014-6480].

A remote user can exploit a flaw in the Solaris AMD pcnet driver component to partially access data [CVE-2003-0001].

A remote user can exploit a flaw in the Solaris Network component to partially access data [CVE-2015-0375].

A remote user can exploit a flaw in the Solaris Network component to cause partial denial of service conditions [CVE-2014-6575].

A local user can exploit a flaw in the Solaris File System component to cause denial of service conditions [CVE-2014-6570].

A local user can exploit a flaw in the Solaris File System component to cause denial of service conditions [CVE-2014-6600].

A local user can exploit a flaw in the Solaris kernel to cause denial of service conditions [CVE-2014-6509].

A local user can exploit a flaw in the Solaris Resource Control component to cause denial of service conditions [CVE-2015-0428].

A remote user can exploit a flaw in the Solaris KSSL component to partially access data [CVE-2014-6481].

A local user can exploit a flaw in the Solaris RPC Utility to partially modify data and cause partial denial of service conditions [CVE-2015-0429].

A local user can exploit a flaw in the Solaris File System component to cause partial denial of service conditions [CVE-2015-0397].

A local user can exploit a flaw in the Solaris Libc component to cause partial denial of service conditions [CVE-2015-0378].

A local user can exploit a flaw in the Solaris RPC Utility component to partially access data [CVE-2015-0430].

The following researchers reported these and other Oracle vulnerabilities:

Abdullah Erdem; Adam Willard of Foreground Security; Amir Sohail; Arjun V; Avik Sarkar; Ayoub Nait Lamine; Ben Khlifa Fahmi; Cameron Crowley; Christian Galeone; Gaurav Mishra; Gopal Bisht; Gurjant Singh Sadhra; Karthik E C; Koutrouss Naddara; M.Asim Shahzad; Mohammed Osman; Monendra Sahu; Mousab Elhag; Muhammad Sarmad Shafiq; Rakesh Singh of Zero Day Guys; Sandeep Venkatesan; Sky_BlaCk; Sreehari; Srikanth Y; and Yann CAM.

Impact:   A remote authenticated or local user can obtain elevated privileges on the target system.

A remote user can partially access data and cause partial denial of service conditions.

A local user can cause denial of service conditions.

A remote or local user can partially access and modify data on the target system.

Solution:   The vendor has issued a fix as part of the Oracle Critical Patch Update Advisory - January 2015.

The vendor's advisory is available at:

http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

Vendor URL:  www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
Cause:   Not specified

Message History:   None.



Copyright 2019, SecurityGlobal.net LLC