The Third Party Vulnerability Resolution Blog covers CVEs and patches in Systems product suite.

Sun Alert 102747 Security Vulnerabilities in OpenSSL May Lead to a Denial of Service (DoS) to Applications

Guest Author
Product: Solaris 9 Operating System, Solaris 10 Operating System

Two security vulnerabilities in the OpenSSL product may lead to a Denial of Service (DoS) in applications which make use of this product. Depending on the individual application, these vulnerabilities may allow a local or remote unprivileged user to provide data to the application which will cause it to consume excessive amounts of CPU time or system memory.

OpenSSL is shipped with Solaris 10 (see openssl(5)). This library is not shipped with Solaris 9, however, a number of Solaris 9 applications statically link against this library and may be affected by these vulnerabilities. This Sun Alert provides details about the individual patches which should be installed to update the OpenSSL product on Solaris 10 and all potentially impacted Solaris 9 applications.

These issues are also referenced at the following URLs:

The WAN Boot application, which is shipped with Solaris 9 and Solaris 10, is impacted by these vulnerabilities. For more information, please see Sun Alert 102759.

Avoidance: Patch
State: Resolved
First released: 12-Dec-2006

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.