The Third Party Vulnerability Resolution Blog covers CVEs and patches in the Systems product suite.

Sun Alert 102711 Security Vulnerabilities in OpenSSL May Lead to a Denial of Service (DoS) to Applications or Execution of Arbitrary Code With Elevated Privileges

Guest Author
Product: Solaris 10 Operating System

Two security vulnerabilities in the OpenSSL product (see openssl(5)) shipped with Solaris 10 may affect applications which make use of this product. Depending on the individual application, the first issue may allow a local or remote unprivileged user to execute arbitrary code with the privileges of the user running the application.

The second issue may allow a remote user who controls a server to which an application connects to crash that application, causing a Denial of Service (DoS) condition.

These issues are also referenced in the following documents:

http://www.openssl.org/news/secadv_20060928.txt

CVE-2006-3738 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738

CVE-2006-4343 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

Sun wishes to acknowledge, with thanks, Tavis Ormandy and Will Drewry (Google Security Team) for bringing these issues to our attention.

Avoidance: Patch
State: Resolved
First released: 09-Nov-2006
