Security experts are warning of serious vulnerabilities in Sun Microsystems' OpenSSL and TLS implementation in Sun Cluster, and with Internet Key Exchange (IKE) in Solaris, that could allow remote unprivileged users to cause denial of service, execute arbitrary code or obtain unauthorized root access.
Known problems with OpenSSL Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols have surfaced in a number of products, now including
The other issue is with the implementation of Internet Key Exchange in Solaris 9 on x86 systems. It's possible for a local or remote attacker to leverage a buffer overflow to cause a denial of service or obtain unauthorized root access. Sun has issued a patch.