Sun Microsystems - Angelo on Security

CVE-2009-1195 In configurations using the "AllowOverride" directive with certain "Options=" arguments, local users may be able to bypass the configured restrictions and execute commands from a Server-Side-Include script which they shouldn't be able to.

4.9

Apache 2

OpenSolaris	snv_111b plus bug fixes: 6972023 6937352 6864797 6935576 6936032 6882208 6857346 6841115 6838652 6844352
Solaris 10	SPARC: 120543-22 X86: 120544-22

CVE-2009-1891 The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote users to cause a Denial of Service (DoS - CPU consumption).

4.3

CVE-2009-3094 A NULL pointer dereference vulnerability in the mod_proxy_ftp module could allow a remote user who controls an FTP server to crash an httpd child process resulting in a limited denial of service.

5.4

CVE-2009-3095 A vulnerability in the mod_proxy_ftp module when configured as a reverse proxy could allow a remote user to bypass intended access restrictions allowing the user to send arbitrary commands to the FTP server.

7.5

CVE-2009-3555 The Apache 2 mod_ssl module in httpd 2.2.14 and earlier is susceptible to the SSL and TLS protocol Man-in-the-Middle vulnerability during a renegotiation. This vulnerability allowed an attacker to "prefix" a chosen plaintext to the HTTP request as seen by the web server. A protocol extension was developed which fixed this vulnerability if supported by both client and server.

5.8

CVE-2010-0408 The ap_proxy_ajp_request function in the mod_proxy_ajp module in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain requests which can allow a remote user to cause a Denial of Service (DoS - backend server outage).

5.0

CVE-2010-0425 Windows only.

10.0

CVE-2010-0434 All Apache 2 modules on threaded servers which handle subrequests such as mod_headers may allow remote users to obtain sensitive information or cause a crash of the affected module.

4.3

CVE-2010-1452 The mod_cache and mod_dav modules can mishandle carefully crafted requests which can allow a remoter user to cause an httpd child process to crash which is a type of Denial of Service (DoS).

5.0

This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.
Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.

CVE-2009-2412 Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util)

CVE Description

CVSSv2 Base Score

Component

Product and Resolution

CVE-2009-2412 Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util)

10.0

Apache 2

OpenSolaris	snv_122
Solaris 10	SPARC:120543-20 X86:120544-20

CVE-2009-1955 Resource Management Errors vulnerability in Apache Portable Runtime Utility (APR-util)

CVE Description CVSSv2 Base Score Component Product and Resolution

CVE-2009-1955 Resource Management Errors vulnerability 7.8 APR-Util

Solaris 10 SPARC: 120543-18 X86: 120544-18

This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.
Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.
CVE-2009-1956 Numeric Errors vulnerability in Apache Portable Runtime Utility (APR-util)

CVE Description CVSSv2 Base Score Component Product and Resolution

CVE-2009-1956 Numeric Errors vulnerability 6.4 APR-util

Solaris 10 SPARC: 120543-18 X86: 120544-18

This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.
Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.
CVE-2009-0023 Buffer Overflow vulnerability in Apache Portable Runtime Utility (APR-util)

CVE Description CVSSv2 Base Score Component Product and Resolution

CVE-2009-0023 Buffer Overflow vulnerability 4.3 APR-util

Solaris 10 SPARC: 120543-18 X86: 120544-18

This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.
Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.

Multiple Vulnerabilities in Mozilla Thunderbird

CVE Description

CVSSv2 Base Score

Component

Product and Resolution

CVE-2010-2760 Resource Management Errors vulnerability

9.3

Mozilla Thunderbird

OpenSolaris	snv151a + 6993799
Solaris 10	SPARC: 145200-04 X86: 145201-04

CVE-2010-2762 Permissions, Privileges, and Access Controls vulnerability

6.8

CVE-2010-2764 Permissions, Privileges, and Access Controls vulnerability

4.3

CVE-2010-2765 Numeric Errors vulnerability

9.3

CVE-2010-2766 Failure to Control Generation of Code ('Code Injection') vulnerability

9.3

CVE-2010-2767 Resource Management Errors vulnerability

9.3

CVE-2010-2768 Failure to Preserve Web Page Structure ('Cross-site Scripting') vulnerability

4.3

CVE-2010-2769 Failure to Preserve Web Page Structure ('Cross-site Scripting') vulnerability

4.3

CVE-2010-3166 Buffer Overflow vulnerability

9.3

CVE-2010-3167 Buffer Overflow vulnerability

9.3

CVE-2010-3168 Buffer Overflow vulnerability

9.3

CVE-2010-3169 Multiple unspecified vulnerabilities

9.3

CVE-2010-3170 Cryptographic Issues vulnerability

4.3

CVE-2010-3173 Cryptographic Issues vulnerability

7.5

CVE-2010-3175 Multiple unspecified vulnerabilities

9.3

CVE-2010-3176 memory corruption and application crash vulnerability

9.3

CVE-2010-3178 Permissions, Privileges, and Access Controls vulnerability

5.8

CVE-2010-3179 Buffer Overflow vulnerability

9.3

CVE-2010-3180 Resource Management Errors vulnerability

9.3

CVE-2010-3183 Buffer Overflow vulnerability

9.3

CVE-2010-3765 Buffer Overflow vulnerability

9.3

CVE-2010-3768 Improper Input Validation vulnerability

9.3

CVE-2010-3776 Buffer Overflow vulnerability

9.3

CVE-2010-3777 Buffer Overflow vulnerability

9.3

CVE-2010-2761, CVE-2010-4411 Vulnerabilities in CGI.pm Perl Module in Solaris 10

CVE Description

CVSSv2 Base Score

Component

Product and Resolution

CVE-2010-2761 Failure to Control Generation of Code ('Code Injection') vulnerability

4.3

Perl

Solaris 10

SPARC: 141552-04 X86: 141553-04

CVE-2010-4411 Unspecified vulnerability in CGI.pm

4.3

CVE-2010-4180 affects OpenSSL in Solaris 10

CVE Description CVSSv2 Base Score Component Product and Resolution

CVE-2010-4180 Design Error vulnerability 4.3 OpenSSL, wanboot

Solaris 10 SPARC: 146857-01 143559-07 X86: 146859-01

This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.
Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.
CVE-2009-3765 Cryptographic Issues vulnerability in Mutt E-Mail Client

CVE Description CVSSv2 Base Score Component Product and Resolution

CVE-2009-3765 Cryptographic Issues vulnerability 6.8 Mutt E-Mail Client

Solaris 11 Express snv_151a + 6985294

This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.
Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.

Multiple Vulnerabilities in libsndfile

CVE Description

CVSSv2 Base Score

Component

Product and Resolution

CVE-2007-4974 Buffer Overflow vulnerability

7.5

libsndfile

Solaris 11 Express

snv_151a + 6851116

CVE-2009-0186 Numeric Errors vulnerability

9.3

CVE-2009-1788 Buffer Overflow vulnerability

9.3

CVE-2009-1791 Buffer Overflow vulnerability

9.3

CVE-2011-0281, CVE-2011-0282 Vulnerabilities in Kerberos

CVE Description

CVSSv2 Base Score

Component

Product and Resolution

CVE-2011-0281 Cryptographic Issues vulnerability

5.0

Kerberos

Solaris 10	SPARC: 143561-09 X86: 143562-09
Solaris 11 Express	snv_151a + 7011626

CVE-2011-0282 Denial of service vulnerability

5.0

CVE-2010-1324 Vulnerability in Kerberos

CVE Description CVSSv2 Base Score Component Product and Resolution

CVE-2010-1324 Design Error vulnerability 4.3 Kerberos

Solaris 11 Express snv_151a + 6997873

This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.
Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.

CVE-2010-1168 vulnerability in Safe.pm Perl 5.6.1 module

CVE Description

CVSSv2 Base Score

Component

Product and Resolution

CVE-2010-1168 Permissions, Privileges, and Access Controls vulnerability

7.5

Perl 5.6.1 Safe.pm

Solaris 10	SPARC: 146769-01 X86: 146773-01
Solaris 9	SPARC: 119449-02 X86: 119450-02

CVE-2010-1323 Vulnerability in Kerberos

CVE Description

CVSSv2 Base Score

Component

Product and Resolution

CVE-2010-1323 Design Error vulnerability

2.6

Kerberos

Solaris 10	SPARC: 143561-08 X86: 143562-08
Solaris 11 Express	snv_151a + 6997879

CVE-2008-7270 vulnerability in OpenSSL

CVE Description CVSSv2 Base Score Component Product and Resolution

CVE-2008-7270 Cryptographic Issues vulnerability 4.3 OpenSSL

Solaris 10 SPARC: 146857-01 143559-07 X86: 146859-01

This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.
Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.
CVE-2008-1767 Buffer Overflow vulnerability in libxslt

CVE Description CVSSv2 Base Score Component Product and Resolution

CVE-2008-1767 Buffer Overflow vulnerability 7.5 libxslt

Solaris 10 SPARC: 125731-06 X86: 125732-06

This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.
Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.

CVE-2009-2404 vulnerability in NSS affects Sun Java System Access Manager Policy Agent

CVE Description

CVSSv2 Base Score

Component

Product and Resolution

CVE-2009-2404 Buffer Overflow vulnerability

9.3

Mozilla Network Security Services (NSS)

Sun Java System Access Manager Policy Agent 2.2

Generic: 141245-03, 141244-03, 141248-03, 141243-03, 141249-03 Windows: 141247-03

CVE-2008-1108, CVE-2008-1109 vulnerabilities in Gnome Evolution

CVE Description

CVSSv2 Base Score

Component

Product and Resolution

CVE-2008-1108 Buffer Overflow vulnerability

7.6

Gnome Desktop: Evolution

Solaris 10

SPARC: 119117-52 X86: 119118-52

CVE-2008-1109 Buffer Overflow vulnerability

9.3

CVE-2010-3702, CVE-2010-3702 Vulnerabilities in XPDF affect Oracle Open Office

CVE Description

CVSSv2 Base Score

Component

Product and Resolution

CVE-2010-3702 Improper Input Validation vulnerability

6.8

xpdf

Oracle Open Office 3

Oracle Open Office 3.3
or:
SPARC: 144824-02 X86: 144825-02
Windows: 144795-02 144798-02 144802-02 144797-02 144788-02 144794-02 144792-02 144804-02 144789-02 144801-02 144793-02 144791-02 144787-02 144800-02 144796-02 144803-02 144790-02 144799-02
Mac OS: 144810-02 144814-02 144808-02 144809-02 144820-02 144811-02 144818-02 144807-02 144816-02 144806-02 144819-02 144813-02 144817-02 144821-02 144815-02 144822-02 144805-02 144812-02
Linux: 144823-02

CVE-2010-3704 Improper Input Validation vulnerability

6.8

CVE-2005-1686 Format String Vulnerability in Gedit Gnome text editor

CVE Description

CVSSv2 Base Score

Component

Product and Resolution

CVE-2005-1686 Format String Vulnerability

2.6

Gedit Gnome text editor

Solaris 10

SPARC:120286-03, 143739-01 X86:120287-03, 143740-01

CVE-2011-1002 Resource Management Errors vulnerability

CVE Description CVSSv2 Base Score Component Product and Resolution

CVE-2011-1002 Resource Management Errors vulnerability 5.0 Avahi

Solaris 11 Express snv_151a + 7023256

This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.
Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.
CVE-2010-2244 Denial of service vulnerability

CVE Description CVSSv2 Base Score Component Product and Resolution

CVE-2010-2244 Denial of service vulnerability 4.3 Avahi

Solaris 11 Express snv_151a + 7008368

This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.
Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.

Multiple Vulnerabilities in BIND DNS software

CVE Description

CVSSv2 Base Score

Component

Product and Resolution

CVE-2010-3613 Permissions, Privileges, and Access Controls vulnerability

4.0

BIND DNS software

Solaris 11 Express	snv_151a + 7002134
Solaris 10	SPARC: 119783-17 X86: 119784-17
Solaris 9	SPARC: 112837-22 X86: 114265-21
Solaris 8	Contact Support

CVE-2010-3614 Denial of service vulnerability

6.4

CVE-2010-3814 Buffer Overflow vulnerability in Freetype

CVE Description

CVSSv2 Base Score

Component

Product and Resolution

CVE-2010-3814 Buffer Overflow vulnerability

6.8

Xserver

Solaris 11 Express	snv_151a + 6997986
Solaris 10	SPARC: 119812-11 X86: 119813-13
Solaris 8	SPARC: 124420-06 X86: 124421-06
Solaris 9	SPARC: 116105-12 X86: 116106-11

CVE-2010-0405 Integer Overflow in bzip2 in Versions Prior to 1.0.6

CVE Description

CVSSv2 Base Score

Component

Product and Resolution

CVE-2010-0405 Integer Overflow vulnerability

5.1

bzip2

OpenSolaris	snv_111b + 6986045
Solaris 10	SPARC: 126868-04 X86: 126869-05
Solaris 9	SPARC: 114586-05 X86: 114587-05
Solaris 8	SPARC: 138441-02 X86: 138442-02

Multiple Vulnerabilities in libpng

CVE Description

CVSSv2 Base Score

Component

Product and Resolution

CVE-2010-0205 Resource Management Errors vulnerability

7.8

libpng

Solaris 11 Express	snv_151a
Solaris 10	SPARC: 137080-05 X86: 137081-05
Solaris 9	SPARC: 139382-03 X86: 139383-03

CVE-2010-1205 Buffer Overflow vulnerability

7.5

CVE-2010-2249 Resource Management Errors vulnerability

5.0

Multiple Vulnerabilities in Git Version Control System

CVE Description

CVSSv2 Base Score

Component

Product and Resolution

CVE-2008-5516 Arbitrary Shell Command Injection vulnerability

7.5

Git Version Control System

Solaris 11 Express

snv_151a + 6989483

CVE-2008-5916 Permissions, Privileges, and Access Controls vulnerability

4.6

CVE-2009-2108 Resource Management Errors vulnerability

5.0

CVE-2010-2542 Buffer Overflow vulnerability

7.5

Multiple Vulnerabilities in Mozilla Firefox

CVE Description

CVSSv2 Base Score

Component

Product and Resolution

CVE-2010-2760 Resource Management Errors vulnerability

9.3

Mozilla Firefox

Solaris 10	SPARC: 145080-02 X86: 145081-02
Solaris 11 Express (OpenSolaris)	snv_151a + bug 6997419

CVE-2010-2762 Permissions, Privileges, and Access Controls vulnerability

6.8

CVE-2010-2764 Permissions, Privileges, and Access Controls vulnerability

4.3

CVE-2010-2765 Numeric Errors vulnerability

9.3

CVE-2010-2766 Code Injection vulnerability

9.3

CVE-2010-2767 Resource Management Errors vulnerability

9.3

CVE-2010-2768 Cross-site Scripting vulnerability

4.3

CVE-2010-2769 Cross-site Scripting vulnerability

4.3

CVE-2010-3166 Buffer Overflow vulnerability

9.3

CVE-2010-3167 Buffer Overflow vulnerability

9.3

CVE-2010-3168 Buffer Overflow vulnerability

9.3

CVE-2010-3169 denial of service (memory corruption and application crash) or possible arbitrary code execution vulnerability

9.3

CVE-2010-3170 Cryptographic Issues vulnerability

4.3

CVE-2010-3171 Cryptographic Issues vulnerability

5.8

CVE-2010-3173 Cryptographic Issues vulnerability

7.5

CVE-2010-3175 denial of service (memory corruption and application crash) or possible arbitrary code execution vulnerability

9.3

CVE-2010-3176 denial of service (memory corruption and application crash) or possible arbitrary code execution vulnerability

9.3

CVE-2010-3177 Cross-site Scripting vulnerability

4.3

CVE-2010-3178 Permissions, Privileges, and Access Controls vulnerability

5.8

CVE-2010-3179 Buffer Overflow vulnerability

9.3

CVE-2010-3180 Resource Management Errors vulnerability

9.3

CVE-2010-3182 Arbitrary code execution vulnerability

6.9

CVE-2010-3183 Buffer Overflow vulnerability

9.3

CVE-2010-3399 Cryptographic Issues vulnerability

5.8

CVE-2010-3765 Arbitrary code execution vulnerability

9.3

CVE-2010-0540 Cross-Site Request Forgery (CSRF) vulnerability in CUPS

CVE Description CVSSv2 Base Score Component Product and Resolution

CVE-2010-0540 Cross-Site Request Forgery (CSRF) vulnerability 6.0 CUPS Printing System

Solaris 11 Express snv_151a + 6958372

This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.
Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.

Multiple Vulnerabilities in CUPS Printing System

CVE Description

CVSSv2 Base Score

Component

Product and Resolution

CVE-2010-0542 Permissions, Privileges, and Access Controls vulnerability

6.8

CUPS Printing System

Solaris 11 Express

snv_151a + 7004783

CVE-2010-2431 Improper Link Resolution Before File Access ('Link Following') vulnerability

6.9

CVE-2010-2432 Resource Management Errors vulnerability

5.0

View Photos of Angelo (8)
Send Angelo a Message

Sec and Sec-Tech Newsletter

Upcoming Events

Minicaster Radio Playhead