Sun Microsystems announced 3 new security updates this morning: in.iked, inetd, kadm5.
#102745 in.iked Daemon
This update addresses one vulnerability in the in.iked service for Solaris 9 on both SPARC and x86 platforms. Due to a logical pointer-handling error in the libike library, an attacker could crash the in.iked daemon, resulting in a denial of service. Sun has made a patch available to fix this issue. More detailed information can be found on SunSolve.
#102921 inetd Daemon
This update addresses one vulnerability in the inetd daemon for Solaris 10 on both SPARC and x86 platforms. A local unprivileged user may be able to shut down the inetd daemon, resulting in a denial of service. Sun has made a patch available to fix this issue. More detailed information can be found on SunSolve.
#102930 Kerberos kadm5 Library
This update addresses one vulnerability in the Kerberos kadm5 library for Solaris 8, 9, and 10 on both SPARC and x86 platforms. A remote authenticated user may be able to execute arbitrary code with the privileges of the kadmind process, often root (CVE-2007-0957). This issue only affects systems configured as a Kerberos Key Distribution Center (KDC). There is currently no patch available for this vulnerability. Sun recommends shutting down kadmind until a patch becomes available. More detailed information can be found on SunSolve.