Oracle Solaris Multiple Vulnerabilities
Last Update Date:
20 Oct 2011 11:26
Release Date:
20 Oct 2011
5738
Views
RISK: High Risk
TYPE: Operating Systems - Sun Solaris
Multiple vulnerabilities have been reported in Oracle Solaris, which can be exploited by malicious, local users to disclose potentially sensitive information, manipulate certain data, and by malicious people to cause a DoS and potentially compromise a vulnerable system. These issues are caused by the errors in the following components/functions:
- LDAP library
- iSCSI DataMover (IDM) component
- Process File System (procfs) component
- Network Status Monitor (statd(1M)) component
- Remote Quota Server (rquotad(1M)) component
- Kernel/Filesystem component
- Kernel/Performance Counter BackEnd Module (pcbe) component
- ZFS component
- Network Services Library (libnsl(3LIB)) component
- xscreensaver component
- ZFS component
- DTrace Software Library (libdtrace(3LIB)
- Zones component
Impact
- Denial of Service
- Remote Code Execution
- Information Disclosure
- Data Manipulation
System / Technologies affected
- Oracle Solaris 11 Express
- Sun Solaris 10.x
- Sun Solaris 8
- Sun Solaris 9
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Apply patches (see vendor's advisory for details).
http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html#AppendixSUNS
Vulnerability Identifier
- CVE-2011-2286
- CVE-2011-2292
- CVE-2011-2304
- CVE-2011-2311
- CVE-2011-2312
- CVE-2011-2313
- CVE-2011-3508
- CVE-2011-3515
- CVE-2011-3534
- CVE-2011-3535
- CVE-2011-3536
- CVE-2011-3537
- CVE-2011-3539
- CVE-2011-3542
- CVE-2011-3543
Source
Related Link
Share with