TITLE:
Sun Products NSS TLS Session Renegotiation Plaintext Injection Vulnerability

SECUNIA ADVISORY ID:
SA37566

VERIFY ADVISORY:
http://secunia.com/advisories/37566/

DESCRIPTION:
Sun has acknowledged a vulnerability in Sun Solaris and Sun Java Enterprise System, which can be exploited by malicious people to manipulate certain data.

For more information:
SA37291

SOLUTION:
The vulnerability is fixed in the following applications, which do not rely on TLS session renegotiation:

-- Linux --

Sun Java Enterprise System 2005Q4 and Sun Java Enterprise System 5 (for RHEL2.1 and RHEL3.0):
Apply patch 142506-03 or later

Sun Java Enterprise System 5 (for RHEL4.0 and RHEL5.0):
Apply patch 121656-21 or later

-- HP-UX --

Sun Java Enterprise System 2005Q4 and Sun Java Enterprise System 5:
Apply patch 124379-12 or later

-- Windows --

Sun Java Enterprise System 2005Q4:
Apply patch 124392-11 or later

Sun Java Enterprise System 5:
Apply patch 125923-10 or later

Preliminary Temporary Patches, which disable TLS session renegotiation, have been released for the following applications:
http://sunsolve.sun.com/tpatches

-- SPARC Platform --

Solaris 8:
T-Patch T119209-22

Solaris 9:
T-Patch T119211-22

Solaris 10:
T-Patch T119213-21

Sun Java Enterprise System 5 (for Solaris 8, Solaris 9, and Solaris 10):
T-Patch T125358-10

-- X86 Platform --

Solaris 9:
T-Patch T119212-22

Solaris 10:
T-Patch T119214-21

Sun Java Enterprise System 5 (for Solaris 8, Solaris 9, and Solaris 10):
T-Patch T125359-10

ORIGINAL ADVISORY:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-273350-1

OTHER REFERENCES:
SA37291:
http://secunia.com/SA37291/