FrSIRT - Security Research and Cyber Threats Monitoring 24/7

French Security Incident Response Team

French

English

Sun Released Multiple Security Updates

Linux Kernel Multiple Local Vulnerabilities

Sun released multiple security updates to address various vulnerabilities affecting Sun Solaris, Sun Java System Web Server, Sun Java System Application Server and Sun Ray Server.

Technical details and solutions are available via our security advisories [1] [2] [3] [4].

Multiple vulnerabilities have been identified in Linux Kernel, which could be exploited by local attackers to bypass security restrictions, cause a denial of service or potentially gain elevated privileges.

These issues affect Kernel versions prior to 2.6.25.2, and prior to 2.4.36.4.

Latest FrSIRT Advisories - May 09, 2008

FrSIRT Vulnerability Notification Service


	TFTP Server SP Error Message Handling Buffer Overflow Issue
	rdesktop Multiple Code Execution and Denial of Service
	SAP Internet Transaction Server "wgate.dll" Cross Site Scripting
	Sun Java System AS and WS JSP Source Code Disclosure Issue
	Sun Solaris Tcl GUI Toolkit Library Code Execution Issues
	Sun Java System Web Server Cross Site Scripting Issue
	Sun Ray Server Kiosk Mode Root Privilege Escalation Issue
	Sun Solaris TCP Implementation Denial of Service Issue
	Linux Kernel Privilege Escalation and Denial of Service


My Profiles	My Filters	Exploits & PoC


My XML/RSS	24x7 Support	Free 14-Day Trial

Latest Linux Advisories - May 09, 2008

Customer Area


	Gentoo Update Fixes Wireshark Denial of Service Issues
	Gentoo Update Fixes eGroupWare Vulnerabilities
	Gentoo Update Fixes X11 Terminals Privilege Escalation
	Gentoo Update Fixes phpMyAdmin File Disclosure Issue
	Gentoo Update Fixes Horde Local File Inclusion Issue
	Gentoo Update Fixes KDE Privilege Escalation Vulnerability
	Mandriva Update Fixes ImageMagick Code Execution Issues


Username :
Password :

Forgot your password ?

Mailinglist

	Microsoft Windows Data Handling Privilege Escalation Vulnerability
	Microsoft Windows Kernel Privilege Escalation Vulnerability (MS08-025)
	Microsoft Internet Explorer Data Stream Code Execution (MS08-024)
	Microsoft Windows "hxvz.dll" ActiveX Code Execution (MS08-023)
	Microsoft Windows VBScript/JScript Code Execution Issue (MS08-022)
	Microsoft Windows GDI Code Execution Vulnerabilities (MS08-021)
	Microsoft Windows DNS Client Spoofing Vulnerability (MS08-020)

	Mozilla JavaScript Garbage Collector Code Execution Vulnerability
	Mozilla Thunderbird Code Execution and Cross Site Scripting Issues
	Mozilla Firefox and SeaMonkey Multiple Remote Code Execution Issues
	Mozilla Thunderbird Multiple Security Bypass and Code Execution Issues
	Mozilla Firefox and SeaMonkey Multiple Remote Code Execution Issues
	Mozilla Products "chrome:" URI Handling Directory Traversal Vulnerability
	Mozilla Thunderbird Code Injection and Memory Corruption Vulnerabilities

	Cisco Network Admission Control Shared Secret Disclosure Vulnerability
	Cisco UC Disaster Recovery Framework Command Execution Vulnerability
	Cisco IOS Denial of Service and Information Disclosure Vulnerabilities
	Cisco IOS Packets Processing Remote Denial of Service Vulnerability
	Cisco User-Changeable Password Remote Buffer Overflow Vulnerabilities
	Cisco Unified IP Phones Overflow and Denial of Service
	Cisco Unified Communication Manager "key" SQL Injection Vulnerability