Nortel response to Sun Alerts 253608 and 260951 on Solaris 10 Potential Vulnerabilities
Thursday, 20 August 2009 22:33
Sun Microsystems has recently released the following 2 Sun Alerts:

1. Sun Alert 253608 - Solaris SCTP Packet Processing may Lead to a System Panic Resulting in a Denial of Service (DoS)
http://sunsolve.sun.com/search/document.do?assetkey=1-66-253608-1

A vulnerability in Sun Solaris can be exploited by malicious users to cause a DoS (Denial of Service). The vulnerability is caused due to an unspecified error when processing SCTP packets, which can be exploited to cause a system panic.

2. Sun Alert 260951 - Solaris IP Filter (ipf(5)) May Lead to a Denial of Service (DoS) Condition
http://sunsolve.sun.com/search/document.do?assetkey=1-66-260951-1

A security vulnerability in the Solaris IP Filter (ipfilter(5)) may allow a local or remote unprivileged user to panic the system. This is a type of Denial of Service (DoS). The vulnerability is caused due to an unspecified error in the Solaris IP Filter, which can be exploited to cause a system panic. Successful exploitation requires that ipfilter is enabled.

Some Nortel products contain this software as a component and thus are potentially affected by the vulnerabilities addressed. This bulletin provides a multi-product consolidated response for the Nortel products which are potentially affected.

This bulletin addresses the following CVEs:

1) CVE-2009-2486 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2486)
Unspecified vulnerability in the SCTP implementation in Sun Solaris 10, and OpenSolaris before snv_120, allows remote attackers to cause a denial of service (panic) via unspecified packets.

2) CVE-2009-2487 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2487)
Use-after-free vulnerability in the frpr_icmp function in the ipfilter (aka IP Filter) subsystem in Sun Solaris 10, and OpenSolaris snv_45 through snv_110, allows remote attackers to cause a denial of service (panic) via unspecified vectors.

Before taking any action please ensure that you are viewing the latest official version of this
Source : http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=957338&poid=  
 