Multiple vulnerabilities in Oracle Solaris

Posted: October 21, 2012 in Vulnerabilities
Tags: , , , ,

Oracle LogoVulnerability: Multiple vulnerabilities in Oracle Solaris

Danger: High
Patch: Yes
Number of vulnerabilities: 19

Impact:

  • Denial of service
  • Disclosure of sensitive data
  • The introduction of a user’s session
  • Unauthorized manipulation of data
  • Elevation of Privilege
  • System compromise

Affected Products:

  • Oracle Solaris 11 Express
  • Sun Solaris 10
  • Sun Solaris 8
  • Sun Solaris 9

Affected versions:

  • Oracle Solaris 11.x
  • Sun Solaris 10.x
  • Sun Solaris 8.x
  • Sun Solaris 9.x

Description:

Which can be exploited by malicious people to execute arbitrary code on the target system.

1. An unspecified error in the core subcomponent. This can be a DoS attack.

2. An unspecified error in the subcomponent COMSTAR. This can be a DoS attack.

3 An unspecified error in the subcomponent Gnome Trusted Extension.

4. An unspecified error in the core subcomponent.

5. An unspecified error in the subcomponent Power Management.

6. An unspecified error in the core subcomponent.

7. An unspecified error in the subcomponent Logical Domain (LDOM). This can be a DoS attack, and delete important data.

Note: Vulnerability № 7 applies only to Solaris, running on a SPARC.

8. An unspecified error in the core subcomponent. This can be exploited to crash the system.

9. An error in the subcomponent kernel / RCTL. This can be exploited to crash the system.

10. An unspecified error in the core subcomponent. This can be exploited to crash the system.

Note: Vulnerability № 7 applies only to Solaris, running on servers SPARC T4.

11. An error in the subcomponent kernel / System Call. This can be exploited to crash the system.

12. An unspecified error in the subcomponent inetd.

13. An error in the subcomponent mailx. A remote user can read, modify, and delete data available Solaris.

14. An error in the subcomponent Gnome Display Manager (GDM). This can be a DoS attack.

15. An error in the server subcomponent Vino. A remote user can read, modify, and delete data available Solaris.

16. An unspecified error in the core subcomponent.

Note: The vulnerability applies only number 16 on Solaris, running on a SPARC.

Manufacturer: Oracle Corporation

Solution: The vulnerabilities patch from the manufacturer.

Links:

http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s