SecurityTracker.com
Category:   OS (UNIX)  >   Solaris
Vendors:   Oracle, Sun
Solaris Bugs Let Local Users Access Data, Modify Data, and Gain Elevated Privileges and Let Remote and Local Users Deny Service
SecurityTracker Alert ID:  1033881
SecurityTracker URL:  http://securitytracker.com/id/1033881
CVE Reference:   CVE-1999-0377, CVE-2015-2642, CVE-2015-4801, CVE-2015-4817, CVE-2015-4820, CVE-2015-4822, CVE-2015-4831, CVE-2015-4834, CVE-2015-4837, CVE-2015-4869, CVE-2015-4891, CVE-2015-4907
Date:  Oct 20 2015
Impact:   Denial of service via local system, Denial of service via network, Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information, Root access via local system, User access via local system
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 10, 11.2
Description:   Multiple vulnerabilities were reported in Solaris. A remote or local user can cause denial of service conditions on the target system. A local user can access and modify data on the target system. A local user can obtain elevated privileges on the target system.

A local user can exploit a flaw in the Solaris Utility/Security component to gain elevated privileges [CVE-2015-4837].

A local user can exploit a flaw in the Solaris Kernel Zones virtualized NIC driver component to gain elevated privileges [CVE-2015-4817].

A local user can exploit a flaw in the Solaris Kernel Zones component to gain elevated privileges [CVE-2015-4820].

A remote user can exploit a flaw in the Solaris INETD component to cause partial denial of service conditions [CVE-1999-0377].

A local user can exploit a flaw in the Solaris Kernel component to cause denial of service conditions [CVE-2015-4869].

A local user can exploit a flaw in the Solaris Kernel Zones component to cause denial of service conditions [CVE-2015-4831].

A local user can exploit a flaw in the Solaris NSCD component to partially access data, partially modify data, and partially deny service [CVE-2015-4891].

A local user can exploit a flaw in the Solaris Kernel Zones component to partially access data, partially modify data, and partially deny service [CVE-2015-4907].

A local user can exploit a flaw in the Solaris Gzip component to partially access data, partially modify data, and partially deny service [CVE-2015-2642].

A local user can exploit a flaw in the Solaris Utility/Zones component to partially access data, partially modify data, and partially deny service [CVE-2015-4834].

A local user can exploit a flaw in the Solaris Kernel Zones component to partially access data [CVE-2015-4801].

A local user can exploit a flaw in the Solaris Kernel Zones component to cause partial denial of service conditions [CVE-2015-4822].

The following researchers reported these and other Oracle product vulnerabilities:

Aaron Portnoy of Exodus Intelligence; Adam Gowdiak of Security Explorations; Adam Willard of Foreground Security; Advanced Threat Research Team, Intel Security; Aleksandr Dubinsky of SyncWords; Alexey Tyurin of ERPScan; Andrea Palazzo of Truel IT; Behzad Najjarpour Jabbari of Secunia Research; Borked of the Google Security Team; Brooks Li of Trend Micro; Cihan Oncu of Biznet Bilisim A.S.; Colm O hEigeartaigh; Dan Peled; David Byrne of Trustwave SpiderLabs; David Litchfield of Google; Egor Karbutov of ERPScan; Erlend Oftedal; FortiGuard Labs of Fortinet, Inc.; Francis Provencher from COSIG; Francois Goichon of Context Information Security; G. Geshev from MWR Labs; Gregory Golds; Guido Vranken; Ivan Chalykin of ERPScan; Jacob Smith; Jakub Palaczynski from ING Services Polska; Jeff Kayser of Jibe Consulting; Kana Toko; Khai Tran of Netspi; Leopold von Niebelschuetz-Godlewski of Trustwave; Marcin Gebarowski; Nikita Kelesis of ERPScan; Osanda Malith Jayathissa; Oscar Andersson; Red Hat Product Security; Sergey Gorbaty of Salesforce.com; Travis Emmert of Salesforce.com; and Ugur Cihan Koc of Avea Iletisim Hizmetleri A.S.

Impact:   A remote or local user can cause denial of service conditions on the target system.

A local user can obtain elevated privileges on the target system.

A local user can obtain data on the target system.

A local user can modify data on the target system.

Solution:   The vendor has issued a fix as part of the October 2015 Oracle Critical Patch Update.

The vendor's advisory is available at:

http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

Vendor URL:  www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
Cause:   Not specified

Message History:   None.



Copyright 2019, SecurityGlobal.net LLC