Sun Products Multiple Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 16 Jul 2010 4730 Views

RISK: Medium Risk

Multiple vulnerabilities have been identified in various Sun products, which could be exploited by remote or local attackers to cause a denial of service, read and manipulate certain data, disclose sensitive information, bypass security restrictions, or execute arbitrary code.

These issues are caused by errors in the ToolTalk, FTP Server, rdist, Administration Server, ZFS, Mail, Calendar, Address Book, and Instant Messaging, GigaSwift Ethernet Driver, TCP/IP, Kernel/VM, Kernel/Filesystem, Authentication, Kernel/RPC, Metro Web Services, Install Software, NFS, Solaris Management Console and the GUI components.

Impact

Denial of Service
Remote Code Execution
Security Restriction Bypass
Information Disclosure

System / Technologies affected

Sun Solaris 8
Sun Solaris 9
Sun Solaris 10
Sun OpenSolaris
Sun Java System Web Proxy Server version 4.0.13 and prior
Sun Convergence version 1.0 and prior
Sun Access Manager version 7.1
Sun Access Manager version 7 2005Q4
Sun OpenSSO Enterprise version 8.0
Sun Solaris Studio version 12 update 1 and prior
Sun Java System Application Server version 8.0
Sun Java System Application Server version 8.1
Sun Java System Application Server version 8.2
GlassFish Enterprise Server version 2.1.1 and prior

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.
Apply patches:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2010.html

Vulnerability Identifier

Source

Share with

Oracle Products Multiple Vulnerabilities

14 Jul 2010 4703 Views

Microsoft Windows Shell Shortcut Handling Vulnerability

19 Jul 2010 4539 Views