Secunia Security Advisory - Sun has acknowledged a vulnerability in Sun Solaris and Sun Java Enterprise System, which can be exploited by malicious people to manipulate certain data.
9eb16fb207fb36596949feadcba4f38a36d92df9590050a9822ee98f8eced587----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
Sun Products NSS TLS Session Renegotiation Plaintext Injection
Vulnerability
SECUNIA ADVISORY ID:
SA37566
VERIFY ADVISORY:
http://secunia.com/advisories/37566/
DESCRIPTION:
Sun has acknowledged a vulnerability in Sun Solaris and Sun Java
Enterprise System, which can be exploited by malicious people to
manipulate certain data.
For more information:
SA37291
SOLUTION:
The vulnerability is fixed in the following applications, which do
not rely on TLS session renegotiation:
-- Linux --
Sun Java Enterprise System 2005Q4 and Sun Java Enterprise System 5
(for RHEL2.1 and RHEL3.0):
Apply patch 142506-03 or later
Sun Java Enterprise System 5 (for RHEL4.0 and RHEL5.0):
Apply patch 121656-21 or later
-- HP-UX --
Sun Java Enterprise System 2005Q4 and Sun Java Enterprise System 5:
Apply patch 124379-12 or later
-- Windows --
Sun Java Enterprise System 2005Q4:
Apply patch 124392-11 or later
Sun Java Enterprise System 5:
Apply patch 125923-10 or later
Preliminary Temporary Patches have been released for the following
applications, which disables TLS session renegotiation:
http://sunsolve.sun.com/tpatches
-- SPARC Platform --
Solaris 8:
T-Patch T119209-22
Solaris 9:
T-Patch T119211-22
Solaris 10:
T-Patch T119213-21
Sun Java Enterprise System 5 (for Solaris 8, Solaris 9, and Solaris
10):
T-Patch T125358-10
-- X86 Platform --
Solaris 9:
T-Patch T119212-22
Solaris 10:
T-Patch T119214-21
Sun Java Enterprise System 5 (for Solaris 8, Solaris 9, and Solaris
10):
T-Patch T125359-10
ORIGINAL ADVISORY:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-273350-1
OTHER REFERENCES:
SA37291:
http://secunia.com/SA37291/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed