SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   OS (UNIX)  >   Solaris Vendors:   Oracle, Sun
Solaris Multiple Bugs Let Remote Users Access and Modify Data and Deny Service and Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1027274
SecurityTracker URL:  http://securitytracker.com/id/1027274
CVE Reference:   CVE-2011-2699, CVE-2012-0563, CVE-2012-1687, CVE-2012-1750, CVE-2012-1752, CVE-2012-1765, CVE-2012-3112, CVE-2012-3120, CVE-2012-3121, CVE-2012-3122, CVE-2012-3123, CVE-2012-3124, CVE-2012-3125, CVE-2012-3126, CVE-2012-3127, CVE-2012-3129, CVE-2012-3130, CVE-2012-3131   (Links to External Site)
Date:  Jul 18 2012
Impact:   Denial of service via network, Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information, Root access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 8, 9, 10, 11
Description:   Multiple vulnerabilities were reported in Solaris. A local user can obtain elevated privileges on the target system. A remote user can cause denial of service conditions. A remote user can partially access and modify data on the target system.

A local user can exploit a flaw in the Solaris Cluster component to gain elevated privileges [CVE-2012-3126].

A remote user can exploit a flaw in the TCP/IP stack to cause denial of service conditions [CVE-2012-3120, CVE-2012-3125].

A remote user can exploit a flaw in the IPv6 implementation to partially modify data on the target system [CVE-2011-2699].

A remote user can cause partial denial of service conditions. The in.tnamed(1M) component [CVE-2012-3121] and Kernel/KSSL component [CVE-2012-3124] is affected.

A remote user can exploit a flaw in the Solaris Management Console to partially modify data [CVE-2012-3112].

A remote user can exploit a flaw in the Apache HTTP Server component to partially access data [CVE-2012-3123].

A remote user can exploit a flaw in the SCTP(7P) component to cause denial of service conditions [CVE-2012-3127].

A remote user can exploit a flaw in the Gnome PDF viewer to partially access and modify data and cause partial denial of service conditions [CVE-2012-3129].

A remote user can exploit a flaw in pkg.depotd(1M) to partially modify data [CVE-2012-3130].

A remote user can exploit a flaw in Network/NFS to partially access data [CVE-2012-3131].

A local user can exploit a flaw in the Kernel/NFS component to cause denial of service conditions [CVE-2012-1752].

A local user can exploit a flaw in the Branded Zone component to modify data [CVE-2012-1765].

A local user can exploit a flaw in sort(1) to partially access and modify data [CVE-2012-3122].

A local user can exploit a flaw in the Logical Domains (LDOM) component to partially modify data or cause denial of service conditions [CVE-2012-1687].

A local user can exploit a flaw in the mailx(1) to partially access and modify data and cause partial denial of service conditions [CVE-2012-1750].

A local user can exploit a flaw in Kerberos/klist to cause partial denial of service [CVE-2012-0563].

The following researchers reported these and other Oracle vulnerabilities:

Alexander Kornbrust of Red Database Security; Deniz Cevik of Biznet; Dennis Yurichev; Enrico Milanese of Emaze Networks S.p.A; Esteban Martinez Fayo of Application Security, Inc.; Francis Provencher via Secunia SVCRP; Jens Elkner; Joe Moore; Martin Carpenter of Citco; Mike Gerdts formerly of GE; Paul Harrington of NGS Secure; Paul Ritchie of NGS Secure; Sami Piiroinen and Juho Ranta of Louhi Security Oy; Stephen Kost of Integrigy; Steven Seeley of Corelan Team; and Will Dormann of CERT/CC.

Impact:   A remote user can cause denial of service conditions.

A local user can obtain elevated privileges on the target system.

A remote user can partially access and modify data on the target system.

Solution:   The vendor has issued a fix, described in their July 2012 Critical Patch Update advisory.

The vendor's advisory is available at:

http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html

Vendor URL:  www.oracle.com/technetwork/topics/security/cpujul2012-392727.html (Links to External Site)
Cause:   Not specified
Underlying OS:  

Message History:   None.


 Source Message Contents

Date:  Wed, 18 Jul 2012 02:58:20 +0000
Subject:  Oracle Sun Solaris


http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html

CVE-2011-2699
CVE-2012-0563
CVE-2012-1687
CVE-2012-1750
CVE-2012-1752
CVE-2012-1765
CVE-2012-3112
CVE-2012-3120
CVE-2012-3121
CVE-2012-3122
CVE-2012-3123
CVE-2012-3124
CVE-2012-3125
CVE-2012-3126
CVE-2012-3127
CVE-2012-3129
CVE-2012-3130
CVE-2012-3131

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2014, SecurityGlobal.net LLC