Sun Microsystems

A Security Vulnerability in unzip(1L) May Set Unintended Permissions on Extracted Files

A security vulnerability in the unzip(1L) command may set unintended permissions on extracted files.

Multiple Security Vulnerabilities in the JavaScript Engine in Mozilla 1.7 for Solaris 8, 9 and 10

The JavaScript Engine in the Mozilla 1.7 application (see mozilla(1)) contains multiple memory corruption vulnerabilities which may allow a remote user who is able to create a web page which is visited by a local user using the Mozilla browser, or who sends a specially crafted email that is read by a local user using Mozilla, to either cause the Mozilla application to crash or execute arbitrary code with the privileges of the user running Mozilla.

A Security Vulnerability in Solaris Volume Manager (SVM) May Allow a Denial of Service (DoS)

Security Vulnerability in the Sun Remote Services (SRS) Net Connect Software

A format string security vulnerability in the Sun Remote Services (SRS) Net Connect Software may allow an unprivileged local user to execute arbitrary code with root privileges.

Multiple Security Vulnerabilities in the Layout Engine in Mozilla 1.7 for Solaris 8, 9 and 10

The Layout Engine in the Mozilla 1.7 application (see mozilla(1)) contains multiple memory corruption vulnerabilities which may allow a remote user who is able to create a web page which is visited by a local user using the Mozilla browser, or who sends a specially crafted email that is read by a local user using Mozilla, to either cause the Mozilla application to crash or execute arbitrary code with the privileges of the user running Mozilla.

Sun Fire X2100/X2200 M2 Servers ELOM Software is Vulnerable to Arbitrary Command Execution

A security vulnerability in the X2100 M2 and X2200 M2 Embedded Lights Out Manager (ELOM) software may allow remote unprivileged users the ability to execute arbitrary commands with root privileges on the embedded Service Processor (SP).

Security Vulnerability in the Solaris 10 Internet Protocol (ip(7P)) may Lead to a Denial of Service (DoS) Condition

A security vulnerability in the Solaris 10 Internet Protocol (ip(7P)) may allow a local unprivileged user the ability to cause a system panic, thereby causing a Denial of Service (DoS) to the system as a whole.

Security Vulnerability in Solaris 10 SCTP INIT Processing

A security vulnerability in Solaris 10 SCTP INIT processing (see sctp(7P)) may allow a privileged remote user to panic the system, resulting in a Denial of Service (DoS).

Multiple Security Vulnerabilities in JavaScript Engine in Mozilla 1.7 for Solaris 8, 9 and 10

The JavaScript Engine in the Mozilla 1.7 application (see mozilla(1)) contains multiple memory corruption vulnerabilities which may allow a remote user who is able to create a web page which is visited by a local user using the Mozilla browser, or who sends a specially crafted email that is read by a local user using Mozilla, to either cause the Mozilla application to crash or execute arbitrary code with the privileges of the user running Mozilla.

Security Vulnerability in Solaris 10 OpenSSL SSL_get_shared_ciphers() Function

A security vulnerability in the SSL_get_shared_ciphers() function within the OpenSSL library shipped with Solaris 10 may affect applications which make use of this function.

Multiple Memory Corruption Vulnerabilities in Layout Engine for Mozilla 1.7

The Layout Engine in the Mozilla 1.7 application (see mozilla(1)) contains multiple memory corruption vulnerabilities which may allow a remote user who is able to create a web page which is visited by a local user using the Mozilla browser, or who sends a specially crafted email that is read by a local user using Mozilla, to either cause the Mozilla application to crash or execute arbitrary code with the privileges of the user running Mozilla.

Vulnerability in Java Runtime Environment Virtual Machine May Allow Untrusted Application or Applet to Elevate Privileges

A vulnerability in the Virtual Machine of the Java Runtime Environment may allow an untrusted applet to elevate its privileges.

Security Vulnerabilities in Solaris Kernel Statistics Retrieval Process May Allow a Denial of Service (DoS)

Security vulnerabilities in the implementation of the retrieval of Kernel statistics may allow a local unprivileged user to panic the system, causing a Denial of Service (DoS) condition.

Two Security Vulnerabilities in the bzip2(1) Command may Allow the Permissions of Arbitrary Files to be Modified or Allow for Arbitrarily Large Files to be Created

A security vulnerability in the bzip2(1) command may allow a local unprivileged user to be able to read or modify files owned by another local user who invokes bzip2(1) to either compress or decompress files in a world writable directory.

FTP Security Vulnerability May Cause a Denial of Service to Sun StorEdge 3510 Data Services

A security vulnerability in the firmware FTP service of the Sun StorEdge 3510 FC Array may allow a remote unprivileged user who has access to the management network to which the array's management Ethernet interface is connected, to make the array unresponsive to data services. This is a type of Denial of Service (DoS).