Oracle Solaris Multiple Vulnerabilities
Last Update Date:
20 Oct 2011 11:26
Release Date:
20 Oct 2011
5176
Views
RISK: High Risk
TYPE: Operating Systems - Sun Solaris
![TYPE: Sun Solaris](/f/bulletin_type/100003/37p37/operation-system-solaris.png)
Multiple vulnerabilities have been reported in Oracle Solaris, which can be exploited by malicious, local users to disclose potentially sensitive information, manipulate certain data, and by malicious people to cause a DoS and potentially compromise a vulnerable system. These issues are caused by the errors in the following components/functions:
- LDAP library
- iSCSI DataMover (IDM) component
- Process File System (procfs) component
- Network Status Monitor (statd(1M)) component
- Remote Quota Server (rquotad(1M)) component
- Kernel/Filesystem component
- Kernel/Performance Counter BackEnd Module (pcbe) component
- ZFS component
- Network Services Library (libnsl(3LIB)) component
- xscreensaver component
- ZFS component
- DTrace Software Library (libdtrace(3LIB)
- Zones component
Impact
- Denial of Service
- Remote Code Execution
- Information Disclosure
- Data Manipulation
System / Technologies affected
- Oracle Solaris 11 Express
- Sun Solaris 10.x
- Sun Solaris 8
- Sun Solaris 9
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Apply patches (see vendor's advisory for details).
http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html#AppendixSUNS
Vulnerability Identifier
- CVE-2011-2286
- CVE-2011-2292
- CVE-2011-2304
- CVE-2011-2311
- CVE-2011-2312
- CVE-2011-2313
- CVE-2011-3508
- CVE-2011-3515
- CVE-2011-3534
- CVE-2011-3535
- CVE-2011-3536
- CVE-2011-3537
- CVE-2011-3539
- CVE-2011-3542
- CVE-2011-3543
Source
Related Link
Share with