Article

Sun battles two vulnerabilities with patch and workaround

Edmund X. DeJesus, Contributor

Security experts are warning of serious vulnerabilities in Sun Microsystems' OpenSSL and TLS implementation in Sun Cluster, and with Internet Key Exchange (IKE) in Solaris, that could allow remote unprivileged users to cause denial of service, execute arbitrary code or obtain unauthorized root access.

Known problems with OpenSSL Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols have surfaced in a number of products, now including

    Requires Free Membership to View

Sun Cluster. The original issues involve bugs like an integer overflow and bad counting of input characters, which can permit a remote attacker to crash the application and cause denial of service or possibly execute arbitrary code. This occurs in Sun Cluster 3.x with SunPlex Manager. There's no fix at this time. According to Denmark-based security provider Secunia, Sun recommends stopping the SunPlex Manager.

The other issue is with the implementation of Internet Key Exchange in Solaris 9 on x86 systems. It's possible for a local or remote attacker to leverage a buffer overflow to cause a denial of service or obtain unauthorized root access. Sun has issued a patch.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: