Sun Microsystems Bugs

LAST UPDATED: Thursday, 14 February 2008 20:47:39 -0600

Changes to this page are IN PROGRESS

SUN SOLARIS PATCHES

Sun Microsystems continually releases operating system patches to address known bugs or those that reflect security concerns, designating them as recommended and security patches, respectively. For a complete list of these patches as they relate to your version of Solaris, visit the following area of Sun's support Web site:

http://sunsolve.sun.com/pub-cgi/show.pl?target=patches/summary&nav=patches/pub-patches

SUN JAVA WEB SERVER VIEWABLE SOURCE BUG

Java Web Server is a Java-oriented Web application development platform. A vulnerability exists in version 1.1 beta, exploitable to reveal system information not intended for disclosure to the client, such as database user names and passwords, resource locations, Web site and network structure, and business models. This bug was fixed in version 1.1.2, but Sun updated Java Web Server to 2.0 shortly thereafter.

http://www.sun.com/software/jwebserver/

SOLARIS LPSET -R BUFFER OVERFLOW

A vulnerability exists in the handling of the -r option to the lpset program included in Solaris 7 from Sun Microsystems. The undocumented -r option has no known use. When it is supplied a crafted buffer containing executable code, the resulting overflow allows arbitrary commands to be executed as root, because lpset is installed setuid root. There are no patches available from Sun. However, removing the setuid bit from the lpset executable eliminates this problem. As the program is intended only for use by root and members of the sysadmin group, removing the bit should not significantly affect the system.

SOLARIS UFSRESTORE BUFFER OVERFLOW

A file system utility included with Sun Solaris 2.6, 7.0, and 8.0 called ufsrestore contains a bug that could allow a malicious user to execute code as root. Despite safety measures put in place by the original programmers, ufsrestore contains a function that does not correctly verify the size of a buffer passed to it. An oversized buffer overflows that function, and because ufsrestore is setuid root by default, the overflow yields root privileges. A simple workaround is to remove the setuid bit from ufsrestore. Beyond that, there is not yet an official fix for this problem. Concerned users are urged to contact Sun Microsystems for more information.

http://www.sun.com

SOLARIS XSUN BUFFER OVERRUN VULNERABILITY

The Xsun X11 server, shipped as part of Solaris 7, contains a buffer overrun vulnerability. By supplying a long argument to the -dev option, one can execute arbitrary code with the server's privileges and thereby gain root, resulting in a systemwide security compromise.

Sun Microsystems has not yet patched this problem, but there are two simple workarounds. On SPARC platforms, remove the setgid bit from the binary. On x86 platforms, Xsun may need to run as root in order to access the video device; in that case, remove the setuid bit and start Xsun only through the dtlogin program (enabled with dtconfig -e) or xdm, so that the server is started by a privileged login manager rather than directly by a user.
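The lpset, ufsrestore and Xsun entries above share one workaround: strip the setuid/setgid bit from the affected binary. The script below is an added example (not from the original page) that applies that change and verifies it; the binary paths are assumed to be the usual Solaris locations, and Xsun is deliberately left out of the default list because of the x86 caveat described above.

```sh
#!/bin/sh
# Added example, not part of the original page. Strip the setuid/setgid bits
# from setuid-root utilities and confirm they are gone. Paths below are
# assumed Solaris defaults; adjust them to your installation.

# Remove setuid and setgid bits from one file and verify the result.
strip_suid() {
    f=$1
    [ -f "$f" ] || { echo "skip: $f not found" >&2; return 1; }
    echo "before: $(ls -l "$f")"
    chmod u-s,g-s "$f" || return 1
    echo "after:  $(ls -l "$f")"
    # test -u / test -g check the setuid / setgid mode bits.
    if [ -u "$f" ] || [ -g "$f" ]; then
        echo "ERROR: $f still has setuid/setgid set" >&2
        return 1
    fi
    return 0
}

# List files under a directory that still carry setuid or setgid, so the
# remaining privileged programs can be reviewed after the change.
list_privileged() {
    dir=$1
    find "$dir" -type f \( -perm -4000 -o -perm -2000 \) -exec ls -l {} \;
}

main() {
    # Xsun (/usr/openwin/bin/Xsun, assumed path) is omitted: on x86 it may
    # need root for the video device and should instead be started via dtlogin.
    for bin in /usr/bin/lpset /usr/sbin/ufsrestore; do
        strip_suid "$bin"
    done
    list_privileged /usr/bin
}
```

Run main as root on the affected system; the final listing shows which setuid/setgid programs remain for review.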

NETSCAPE JAVA-AS-WEB-SERVER BUG

Programmer and bug researcher Dan Brumleve has discovered a bug in Netscape's implementation of Sun Microsystems' Java programming language. It effectively allows an unsigned Java applet to read files off a computer and distribute them by acting as a Web server. Brumleve has dubbed this bug the Brown Orifice. Netscape has confirmed and fixed the bug in version 4.75, and users who have not yet upgraded to this version are urged to do so. Netscape 6 PR1 and PR2 are also not susceptible to Brown Orifice. For more information, browse to

http://www.netscape.com/security/

and

http://www.brumleve.com/BrownOrifice/

SUN SOLARIS/LEXMARK PRINTER PATCH

Users trying to use Lexmark printers on Sun Solaris 2 systems will experience initial difficulties. There is a known problem with the Lexmark Virtual Jetprinter working on the ecpp parallel port of PCI-based SPARCstations, such as the UltraSPARC 30. A patch from Sun must be applied to correct this ecpp device driver problem. For Solaris 2.5.1 the patch is T104605-08 or later, and for Solaris 2.6 the patch is T105741-05 or later. To download the patches, browse to

http://sunsolve.sun.com/pub-cgi/show.pl?target=patches/patch-access


COPYRIGHT 1998 - 2008 All names used are Trademarks of the respective companies

Copyright © 2007 HALO Computer Technology