----------------------------------------------------------------------

Did you know that a change in our assessment rating, exploit code
availability, or if an updated patch is released by the vendor, is
not part of this mailing-list?

Click here to learn more:
http://secunia.com/advisories/business_solutions/

----------------------------------------------------------------------

TITLE:
Sun Solaris SSH CBC Mode Plaintext Recovery Vulnerability

SECUNIA ADVISORY ID:
SA33121

VERIFY ADVISORY:
http://secunia.com/advisories/33121/

CRITICAL:
Less critical

IMPACT:
Exposure of sensitive information

WHERE:
>From local network

OPERATING SYSTEM:
Sun Solaris 9
http://secunia.com/advisories/product/95/
Sun Solaris 10
http://secunia.com/advisories/product/4813/

DESCRIPTION:
Sun has acknowledged a vulnerability in Solaris, which potentially
can be exploited by malicious people to disclose sensitive
information.

For more information:
SA32740

The vulnerability is reported in Solaris 9 and 10, and OpenSolaris
snv_01 or later, for both the SPARC and x86 platforms.

SOLUTION:
Disable the use of CBC mode ciphers. Please see vendor advisory for
additional information.

ORIGINAL ADVISORY:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-247186-1

OTHER REFERENCES:
SA32740:
http://secunia.com/advisories/32740/

US-CERT VU#958563:
http://www.kb.cert.org/vuls/id/958563

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------