Sun Microsystems has announced three new security updates.

#102914: A Security Vulnerability in the Implementation of the RPCSEC_GSS API Affects the Kerberos Administration Daemon (kadmind(1M))

This update addresses one vulnerability in the Kerberos packages for Solaris 8, 9, and 10 on SPARC and X86. A vulnerability in the RPCSEC_GSS API could allow an attacker to execute arbitrary commands with the privileges of the kadmind daemon (usually ‘root’) (CVE-2007-2442). Sun has made patches available for Solaris 8 and 10, but is still working on a final patch for Solaris 9.

#102926: Security Vulnerability in the Solaris libsldap Library May Allow a Denial of Service to nscd(1M)

This update fixes one vulnerability in the libsldap library for Solaris 8, 9, and 10 on SPARC and X86. An unprivileged local user could disable nscd, slowing name service lookups and possibly resulting in a Denial of Service. Sun has made patches available for all affected platforms.

#102971: Multiple Memory Corruption Vulnerabilities in Mozilla 1.7 for Solaris 8, 9 and 10

This update addresses memory corruption vulnerabilities in Mozilla 1.7 for Solaris 8, 9, and 10 on SPARC and X86. Although a final resolution is pending, many of the vulnerabilities may be mitigated by disabling JavaScript.
