Secunia Security Advisory - A vulnerability has been reported in Sun Solaris, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or to gain escalated privileges.
6957ab18c95ab71a7f0cf69ca779b1db5e9e7ed6afc898caa34403eec45470f9
----------------------------------------------------------------------
Want a new job?
http://secunia.com/secunia_security_specialist/
http://secunia.com/hardcore_disassembler_and_reverse_engineer/
International Partner Manager - Project Sales in the IT-Security
Industry:
http://corporate.secunia.com/about_secunia/64/
----------------------------------------------------------------------
TITLE:
Sun Solaris namefs Kernel Module Privilege Escalation
SECUNIA ADVISORY ID:
SA31356
VERIFY ADVISORY:
http://secunia.com/advisories/31356/
CRITICAL:
Less critical
IMPACT:
DoS, System access
WHERE:
Local system
OPERATING SYSTEM:
Sun Solaris 8
http://secunia.com/product/94/
Sun Solaris 9
http://secunia.com/product/95/
Sun Solaris 10
http://secunia.com/product/4813/
DESCRIPTION:
A vulnerability has been reported in Sun Solaris, which can be
exploited by malicious, local users to cause a DoS (Denial of
Service) or to gain escalated privileges.
The vulnerability is caused due to an unspecified error within the
namefs kernel module. This can be exploited to cause a system panic
or to execute arbitrary code in kernel context.
The vulnerability is reported in Solaris 8, 9, and 10 for both the
SPARC and x86 platforms.
SOLUTION:
Apply patches.
-- SPARC Platform --
Solaris 8:
Apply patch 114984-02 or later.
Solaris 9:
Apply patch 114971-03 or later.
Solaris 10:
Apply patch 136716-01 or later.
-- x86 Platform --
Solaris 8:
Apply patch 114985-02 or later.
Solaris 9:
Apply patch 138570-01 or later.
Solaris 10:
Apply patch 136717-01 or later.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-237986-1
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------