---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Sun Solaris "w" Utility Privilege Escalation SECUNIA ADVISORY ID: SA36719 VERIFY ADVISORY: http://secunia.com/advisories/36719/ DESCRIPTION: A vulnerability has been reported in Sun Solaris, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to an unspecified error in the "w" utility and can be exploited to cause heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code with "root" privileges. The vulnerability is reported in Sun Solaris 9 and 10 and OpenSolaris for both the SPARC and x86 platforms. SOLUTION: Apply patches. -- SPARC Platform -- Solaris 9: Apply patch 113718-04 or later. Solaris 10: Apply patch 142286-01 or later OpenSolaris: Fixed in build snv_124 or later. -- x86 Platform -- Solaris 9: Apply patch 113996-05 or later. Solaris 10: Apply patch 142285-01 or later. OpenSolaris: Fixed in build snv_124 or later. PROVIDED AND/OR DISCOVERED BY: The vendor credits Monarch Rich. ORIGINAL ADVISORY: http://sunsolve.sun.com/search/document.do?assetkey=1-66-266348-1 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------