Note: This is an archival copy of Security Sun Alert 234304 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1019072.1.
Security Sun Alert Archive Reference for Year 2000
1 of 3 -- Security Sun Alert Archive Reference for Year 2000 If you need additional information for any of the following Sun Alerts please contact the Sun Alert Program Office at: firstname.lastname@example.org These Sun Alerts are only available upon request. They are not part of the current collection which begins with January 1, 2003. ========================================================================================= 1) sadmind May Be Exploited to Gain Root Access Sun Alert ID: 100740 (formerly 22893) # BugIDs: 4298053 Product: Solaris 2.5 to 8 Remote attackers may exploit this vulnerability in the "sadmind" program to execute arbitrary instructions with superuser privileges, thereby compromising system security. ========================================================================================= 2) dlopen() in libprint.so.2 Could be Exploited to Gain Root Access Sun Alert ID: 100744 (formerly 23056) # BugIDs: 4334568 Product: Solaris 2.6 to 8 Users with an unprivileged account may be able to get full root access to the system. ========================================================================================= 3) Buffer Overflow in netpr_send_message() Might Lead to Unauthorized Root Access Sun Alert ID: 100755 (formerly 23567) # BugIDs: 4310991 # Product: Solaris 2.6 to 8 Unprivileged users are able to get full root access to a system. ========================================================================================= 4) Netscape Browser Allows Malicious Applets to Read Data From Local Files Sun Alert ID: 100766 (formerly 23665) # BugIDs: CERT, advisory, CA-2000-15 Product: Netscape Browser An exploit dubbed "Brown Orifice" creates an HTTP server as a Java applet thus turning the Netscape Browser into a web server. This allows remote users to access local and networked files. These files include URLs located behind firewalls using "file://", "http://", "https://", "ftp://", and other types of connections. The Netscape Browser is a component of both Netscape Communicator and Netscape Navigator. For more information on the vulnerability see CERT advisory CA-2000-15 at: http://www.cert.org/advisories/CA-2000-15.html ========================================================================================= 5) Possible Security Issue in nscd because of Buffer Overflows Sun Alert ID: 100719 (formerly 123) # BugIDs: 4114757 Product: Solaris 2.5, 2.6 Unprivileged users may be able to get full root access to the system because of a possible buffer overflow in the nscd process. ========================================================================================= 6) Non-Privileged Users Can Obtain Root Access on Systems Running Sun HPC 2.0 or Sun HPC Clustertools 3.0/3.1 Sun Alert ID: 100775 (formerly 23934) # BugIDs: 4345873 # Product: Sun HPC Clustertools 3.1 Non-Privileged users can obtain root access on systems running Sun HPC 2.0, Sun HPC Clustertools 3.0, or Sun HPC Clustertools 3.1. ========================================================================================= 7) Users can Bypass Being Forced to Change Their Login Password Sun Alert ID: 100773 (formerly 23895) # BugIDs: 4112707 Product: Solaris 2.5.1 to 8 Even though a login password has been created with the "passwd -f" command to force a user to change the password on the first login, users can circumvent this requirement and use the initially set password indefinitely. ========================================================================================= 8) Potential Compromise of 2 Sun Browser Certificates Sun Alert ID: 100796 (formerly 24690) # BugIDs: none Product: Web browsers Web browsers accept security certificates from trusted sources. A specific certificate from Sun may have received outside exposure. Systems that encounter this certificate are potentially vulnerable to attack from malicious applets, applications or components. ========================================================================================= 9) The Java Runtime Environment Might Allow an Untrusted Java Class to Call Into a Disallowed Java Class Sun Alert ID: 100788 (formerly 24493) # BugIDs: 4288452 Product: JDK/JRE 1.2.2 Under certain circumstances, the Java(TM) Runtime Environment might allow an untrusted Java class to call into an otherwise disallowed Java class. This is a potential security issue. ============ End of 2000 ======================================================
Solaris 8 Operating System
This solution has no attachment