Next Page >>
Sun Solaris
ORA240BC OfO v8.1.7 for HP-UX Eval LTU & Media
ORA300BC OfO v8.1.7 for Win 2000/NT LTU
ORA305BC OfO v8.1.7 for Win 2000/NT 5 LTU Bundle
ORA330BC OfO v8.1.7 for Win 2000/NT Media
ORA340BC OfO v8.1.7 for Win 2000/NT Eval LTU
ORA400BC OfO v8.1.7 for Sun Solaris LTU
ORA405BC OfO v8.1.7 for Sun Solaris 5 LTU Bundle
ORA430BC OfO v8.1.7 for Sun Solaris Media
ORA440BC OfO v8.1.7 for Sun Solaris Eval LTU
ORA600CA OfO for Linux LTU
ORA605CA OfO for Linux LTU Service Bureaus Bundle
ORA240BC OfO v8.1.7 for HP-UX Eval LTU & Media
ORA300BC OfO v8.1.7 for Win 2000/NT LTU
ORA305BC OfO v8.1.7 for Win 2000/NT 5 LTU Bundle
ORA330BC OfO v8.1.7 for Win 2000/NT Media
ORA340BC OfO v8.1.7 for Win 2000/NT Eval LTU
ORA400BC OfO v8.1.7 for Sun Solaris LTU
ORA405BC OfO v8.1.7 for Sun Solaris 5 LTU Bundle
ORA430BC OfO v8.1.7 for Sun Solaris Media
ORA440BC OfO v8.1.7 for Sun Solaris Eval LTU
ORA600CA OfO for Linux LTU
ORA605CA OfO for Linux LTU Service Bureaus Bundle
ORA240BC OfO v8.1.7 for HP-UX Eval LTU & Media
ORA300BC OfO v8.1.7 for Win 2000/NT LTU
ORA305BC OfO v8.1.7 for Win 2000/NT 5 LTU Bundle
ORA330BC OfO v8.1.7 for Win 2000/NT Media
ORA340BC OfO v8.1.7 for Win 2000/NT Eval LTU
ORA400BC OfO v8.1.7 for Sun Solaris LTU
ORA405BC OfO v8.1.7 for Sun Solaris 5 LTU Bundle
ORA430BC OfO v8.1.7 for Sun Solaris Media
ORA440BC OfO v8.1.7 for Sun Solaris Eval LTU
ORA600CA OfO for Linux LTU
ORA605CA OfO for Linux LTU Service Bureaus Bundle
ORA240BC OfO v8.1.7 for HP-UX Eval LTU & Media
ORA300BC OfO v8.1.7 for Win 2000/NT LTU
ORA305BC OfO v8.1.7 for Win 2000/NT 5 LTU Bundle
ORA330BC OfO v8.1.7 for Win 2000/NT Media
ORA340BC OfO v8.1.7 for Win 2000/NT Eval LTU
ORA400BC OfO v8.1.7 for Sun Solaris LTU
ORA405BC OfO v8.1.7 for Sun Solaris 5 LTU Bundle
ORA430BC OfO v8.1.7 for Sun Solaris Media
ORA440BC OfO v8.1.7 for Sun Solaris Eval LTU
ORA600CA OfO for Linux LTU
ORA605CA OfO for Linux LTU Service Bureaus Bundle
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[ Sun Solaris 10 filesystem rm(1),find(1),etc, Denial-of-service ]
Author: Maksymilian Arciemowicz
SecurityReason.com
Date:
- - Dis.: 17.04.2010
- - Pub.: 21.05.2010
sadmind, which when properly exploited can lead to remote compromise of the
vulnerable system.
This vulnerability was confirmed by us in the following versions of the Sun
operating system, other versions may be also affected.
Sun Solaris 9 SPARC
Sun Solaris 9 x86
Sun Solaris 8 SPARC
Sun Solaris 8 x86
DETAILS
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[ Sun Solaris 10 ftpd Cross-site request forgery ]
Author: Maksymilian Arciemowicz
SecurityReason.com
Date:
- - Dis.: 24.02.2010
- - Pub.: 21.05.2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[ Sun Solaris 10 libc/*convert (*cvt) buffer overflow ]
Author: Maksymilian Arciemowicz
http://SecurityReason.com
Date:
- - Dis.: 15.04.2010
- - Pub.: 21.05.2010
Title
-----
DDIVRT-2009-28 Sun Solaris 10 rpc.cmsd Buffer Overflow and Denial of Service (CVE-2010-3509)
Severity
--------
High
Date Discovered
---------------
Red Hat Enterprise Linux 3.0 x86
Red Hat Enterprise Linux 4.0 x86
SUSE Linux Enterprise Server 9 (SLES) x86
SUSE Linux Enterprise Server 10 SP1 (SLES) x86
Sun Solaris 9 SPARC (64 bit only)
Sun Solaris 10 SPARC (64 bit only)
HP/UX 11.11 PA-RISC (64 bit only)
HP/UX 11.23 PA-RISC (64 bit only)
HP/UX 11.31 PA-RISC (64 bit only)
AIX 5.2 (64 bit only)
AIX 5.3 (64 bit only)
======================================================================
Secunia Research 23/05/2009
- Sun Solaris "sadmind" Integer Overflow Vulnerability -
======================================================================
Table of Contents
Affected Software....................................................1
======================================================================
Secunia Research 23/05/2009
- Sun Solaris "sadmind" Buffer Overflow Vulnerability -
======================================================================
Table of Contents
Affected Software....................................................1
updated version will be available on your RealNetworks PAM site after
12:00 am PST, on July 14, 2009."
. Red Hat Enterprise Linux 4
. Red Hat Enterprise Linux 5
. Sun Solaris 10
. Windows 2003
7. *Credits*
>- --- 1. Sun Solaris 10 filesystem rm(1),find(1),etc, Denial-of-service ---
>We can create, deep tree and when we will remove, scan or something else with
>this tree, affected program will crash with stack overflow sympton
>
It's easy to workaround this issue by increasing the stack limit.
* Cisco Unity Bridge
* Cisco Secure ACS Solution Engine
* Cisco Internet Service Node (ISN)
* Cisco Security Manager (CSM)
Note: The Sun Solaris version of the Cisco Security Agent is not
affected by these vulnerabilities.
Products Confirmed Not Vulnerable
+--------------------------------
Nov 02, 2007
I. BACKGROUND
The srsexec utility is part of the SRS Proxy Core package that is
available with Solaris 10. This package is used to monitor the
performance of clients running Solaris from a centralized
administrative console. This software would be installed on all of the
client machines being monitored and is set-uid root by default. More
information is available at the vendor's site.
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02002298
Version: 1
HPSBMA02487 SSRT100024 rev.1 - HP Operations Agent Running on Solaris 10, Remote Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-02-08
Last Updated: 2010-02-08
OS: Linux
Title: Monthly patch8 - TD4QC_00035
Document ID: KM424656
Product: TestDirector for Quality Center Version: 9.2
OS: Sun Solaris
PRODUCT SPECIFIC INFORMATION
None
HISTORY
Products Confirmed Not Vulnerable
+--------------------------------
CiscoWorks IPM version 2.x for Sun Solaris and CiscoWorks IPM version
4.x for Windows and Solaris operating systems are not affected. No
other Cisco products are currently known to be affected by this
vulnerability.
Details
=======
| domains:
|
| • XSCF diagnosis engine — diagnoses hardware errors associated with
| domain stops
|
| • Solaris Operating System diagnosis engine — identifies non-fatal
| domain hardware errors and reports them to the system controller
|
| • POST diagnosis engine — identifies any hardware test failures that
| occur when the power-on self-test is run
|
information belonging to the kernel or other users. For example, the
root password hash or encryption keys might be disclosed.
IV. DETECTION
iDefense has confirmed the existence of this vulnerability in Solaris 10
on x86 and SPARC. It is suspected that earlier versions are also
affected.
V. WORKAROUND
I think this is of (very) small concern (no one in their right mind
would do this) but it is an unexpected result and breaks the principle
of least surprise.
FWIW, the same "issue" exists on Solaris 10. It's not Linux specific.
--
rgds
Stephen
configurations that allow large numbers of open file descriptors in a
process.
CVE-2008-0948: In versions before 1.3, this bug can be triggered in
similar circumstances, but is further limited to platforms not
defining certain macros in certain C system header files. Solaris 10
and Mac OS X 10.4 appear to be unaffected, while GNU libc systems
(e.g., many GNU/Linux distributions) are. It appears that in at least
some cases kadmind will simply exit after getting a "bad file
descriptor" error, but this cannot be guaranteed.
exploitation.
IV. DETECTION
iDefense has confirmed the existence of these vulnerabilities in snoop
for Solaris 10 8/07. Other versions may also be affected.
V. WORKAROUND
iDefense is currently unaware of any workarounds for these issues.
exploitation.
IV. DETECTION
iDefense has confirmed the existence of these vulnerabilities in snoop
for Solaris 10 8/07. Other versions may also be affected.
V. WORKAROUND
iDefense is currently unaware of any workarounds for these issues.
* Windows XP SP2: IE 7.0.5730.11 Flash Player 9.0.47.0
* Ubuntu Edgy: Firefox 2.0.0.5 / Flash Player 9.0.47.0
* Mac OSX 10.4.10: Safari 2.0.4 / Flash Player 9.0.47.0
* Mac OSX 10.4.10: Safari 3.0.2 / Flash Player 9.0.47.0
* Mac OSX 10.4.10: Firefox 2.0.0.6 / Flash Player 9.0.47.0
* Solaris 10 i86: Firefox 2.0.0.3 / Flash Player 9.0.47.0
Doesn't work as expected on:
* Mac OSX 10.4.10: Opera 9.22 / Flash Player 9.0.47.0
# Known limitations
* The Scanner does not work on services that close the TCP-
Sun> + an empty GECOS field
Sun> + leading spaces in the GECOS field
Sun> + trailing spaces in the GECOS field
Sun> + a GECOS field with two adjacent spaces
Sun> This latter issue has been addressed in Solaris 10 and later at this
Sun> time under bugID 4432153.
> Thanks for your response. Do you intend to provide patches for older
> OS's?
configurations that allow large numbers of open file descriptors in a
process.
CVE-2008-0948: In versions before 1.3, this bug can be triggered in
similar circumstances, but is further limited to platforms not
defining certain macros in certain C system header files. Solaris 10
and Mac OS X 10.4 appear to be unaffected, while GNU libc systems
(e.g., many GNU/Linux distributions) are. It appears that in at least
some cases kadmind will simply exit after getting a "bad file
descriptor" error, but this cannot be guaranteed.
until the allocation fails. At that point, fetchmail will abort.
The exact combination of contributing and mitigating factors is not
fully understood; GNU glibc 2.7 and 2.10.1 on i586 report EILSEQ when
printing invalid sequences through a %.*s format string in multibyte
locales such as de_DE.UTF-8; NetBSD 5, FreeBSD 8 and Solaris 10 do not.
However, the issue is a genuine fetchmail bug that deserves a fix.
Note that the "Affects:" line above may be inaccurate, and it may be that
versions before 5.6.6 are actually unaffected. The author was unable to
compile such old fetchmail versions to verify the existence of the bug.
Summary
=======
CiscoWorks Internetwork Performance Monitor (IPM) version 2.6 for Sun
Solaris and Microsoft Windows operating systems contains a
vulnerability that allows remote, unauthenticated users to execute
arbitrary commands. There are no workarounds for this vulnerability.
Cisco has made free software available to address this issue for
affected customers.
Next Page>>
|
