Note: This is an archival copy of Security Sun Alert 201769 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001308.1.
Solaris 10 Operating System
Date of Resolved Release
Due to a vulnerability in the Solaris sysinfo(2) system call, a local unprivileged user may be able to read portions of kernel memory, which may contain sensitive data.
Sun acknowledges with thanks iDefense/VeriSign for bringing this issue to our attention.
This issue is also described at http://www.idefense.com/intelligence/vulnerabilities/display.php?id=410
This issue can occur in the following releases:
Note: Solaris 8 and Solaris 9 are not affected by this issue.
There are no reliable symptoms that would indicate that this issue has been exploited to read portions of kernel memory.
There is no workaround to this issue. Please see the Resolution section below.
This issue is addressed in the following releases:
This solution has no attachment