[SA24927] Sun Solaris and Java Web Console Format String Vulnerability
TITLE:
Sun Solaris and Java Web Console Format String Vulnerability
SECUNIA ADVISORY ID:
SA24927
VERIFY ADVISORY:
link://[click]
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
From remote
OPERATING SYSTEM:
Sun Solaris 10
link://[click]
SOFTWARE:
Sun Java Web Console 2.x
link://[click]
DESCRIPTION:
Frank Dick has reported a vulnerability in Sun Solaris and Java Web
Console, which potentially can be exploited by malicious people to
compromise a vulnerable system.
The vulnerability is caused by a format string error when calling
the "syslog()" function to log failed logins. This may be exploited to
execute arbitrary code by logging in with specially crafted
credentials.
The vulnerability is reported in Sun Solaris 10 prior to 11/06 and
Sun Java Web Console versions 2.2.2 through 2.2.5.
SOLUTION:
Update to Sun Java Web Console version 2.2.6 or apply patches.
Sun Java Web Console 2.2.6:
link://[click]
Sun Solaris 10, SPARC platform:
Apply patch 121211-02.
link://[click]
Sun Solaris 10, x86 platform:
Apply patch 121212-02.
link://[click]
PROVIDED AND/OR DISCOVERED BY:
Frank Dick, n.runs AG
ORIGINAL ADVISORY:
Sun Microsystems:
link://[click]
n.runs AG:
link://[click]
About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.
Subscribe:
link://[click]
Definitions: (Criticality, Where etc.)
link://[click]
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
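
The bug class named in the DESCRIPTION above (untrusted login data reaching "syslog()" as the format string), shown as an added example that is not part of the advisory and is not Sun's code. The function names, message text and sample inputs are assumptions made for illustration; the block contrasts the unsafe call pattern with a constant-format call and adds a simple check that flags format directives in a credential field.

```c
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Build the log line for a failed login. The user name is untrusted and is
 * only ever passed as an argument to a constant "%s" format. */
int build_failed_login_msg(char *out, size_t outlen, const char *user)
{
    return snprintf(out, outlen, "login failed for user '%s'", user);
}

/* Count printf-style conversion directives in s ("%%" is a literal percent
 * sign and is not counted). A non-zero count in a credential field is a
 * useful signal to alert on. */
int count_format_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') { s++; continue; }
        if (s[1] != '\0')
            n++;
    }
    return n;
}

/* Hardened logging call (hypothetical function name).
 * Unsafe pattern, for contrast:  syslog(LOG_NOTICE, msg);
 * There msg, which contains caller-supplied text, is the format string. */
int log_failed_login(const char *user)
{
    char msg[256];
    int suspicious = count_format_directives(user);

    build_failed_login_msg(msg, sizeof msg, user);
    syslog(LOG_AUTH | LOG_NOTICE, "%s", msg);   /* constant format */
    if (suspicious)
        syslog(LOG_AUTH | LOG_WARNING,
               "format directives in login name (count=%d)", suspicious);
    return suspicious;
}

int main(void)
{
    /* Constructed sample inputs */
    log_failed_login("alice");
    log_failed_login("%x%x%s");
    return 0;
}
```

Compiling with `-Wformat -Wformat-security` makes GCC warn on the unsafe pattern, where a non-literal string is passed as the format with no arguments.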