gsxr1000
New member
Hi guys,
I just received this security advisory from SUN Microsystems, thought I'd pass it along.
*SUN ISSUES PATCH FOR SERIOUS SOLARIS FLAW
By Shawna McAlearney
Sun Microsystems yesterday issued a patch for a serious directory
traversal vulnerability affecting multiple Solaris versions that could
allow an attacker to gain root privileges remotely.
"Every Solaris box used in production today is vulnerable to being
attacked remotely and the attacker can get root privileges," says Chad
Harrington, director of business development at Entercept Technologies.
"It's an open door for the world and that's pretty scary."
The vulnerability affects Sun's Kodak Color Management System (KCMS),
which is installed by default in Solaris/Sparc 2.5, 2.6, 7, 8 and 9 and
Solaris/x86 2.5, 2.6, 7, 8 and 9.
Entercept discovered that logic flaws in the way Solaris does security
checks can be used to read arbitrary files on the system. Any user without
any special privilege level can remotely access the KCMS library service
daemon, run the exploit and read any file on the system, including
passwords and other sensitive data.
Affected users should apply the patches immediately.
http://docs.sun.com/db/doc/8161325/6m7oiipal?q=kcms_server&a=view#profiles-2
http://www.kb.cert.org/vuls/id/850785
http://www.entercept.com/ricochet/alerts











