Sun Microsystems published 3 new security updates this morning.
#102956 Sun StorageTek Operations Manager 5.1
This update fixes one vulnerability in Sun StorageTek Operations Manager 5.1. The expiration of the EMC Application vendor key has rendered Sun StorageTek Operations Manager 5.1 unable to discover new EMC Storage Arrays or report on existing arrays after Operations Manager has been restarted. The workaround is to add the new vendor key (“cimom.emc.symapi.emcVendorKey=B+de833C38Ffbf89ff4″) into the configuration and restart the AppStorManager Service. More detailed information can be found on SunSolve.
#102961 scp
This security update relates to one vulnerability in scp for Solaris 9 and 10 on SPARC and X86 platforms. An attacker who is able to create a file on the system could execute arbitrary commands with the privileges of another user (CVE-2006-0225). Sun has not made a patch available, but is confident the issue can be worked around with responsible use of the scp command. Further information can be found on SunSolve.
#102962 sshd
This security update address one vulnerability in sshd for Solaris 9 and 10 on both SPARC and X86 platforms. When sshd is configured to use SSH protocol version 1, a remote attacker could cause sshd to consume processor power resulting in a Denial of Service (DoS) (CVE-2006-4924). Sun has not made a patch available, but SSH protocol version 1 can be disabled in /etc/ssh/sshd_config. See SunSolve for further information.
Get Slaptijack updates delivered to your Inbox or RSS Reader for free!