TITLE: Sun Solaris Denial of Service and Exposure of Filenames SECUNIA ADVISORY ID: SA17157 VERIFY ADVISORY: http://secunia.com/advisories/17157/ CRITICAL: Not critical IMPACT: Exposure of system information, DoS WHERE: Local system OPERATING SYSTEM: Sun Solaris 10 http://secunia.com/product/4813/ DESCRIPTION: A weakness and a security issue have been reported in Solaris, which potentially can be exploited by malicious, local users to disclose system information and cause a DoS (Denial of Service). 1) An unspecified error in the "privilege management" feature of the file system may be exploited to panic a vulnerable system. 2) An unspecified security issue in the Process File System (procfs) may be exploited to disclose filename information in protected directories. The weakness and the security issue have been reported in Solaris 10 on SPARC and x86 architectures. SOLUTION: Apply patches. -- SPARC Platform -- Solaris 10: Apply patch 118822-19 or later. -- x86 Platform -- Solaris 10: Apply patch 118844-19 or later. PROVIDED AND/OR DISCOVERED BY: Reported by vendor. ORIGINAL ADVISORY: http://sunsolve.sun.com/search/document.do?assetkey=1-26-101895-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101949-1 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------