Secunia Logo  
 
Sun Solaris X Font Server / X Render and DBE Extensions Vulnerabilities
Secunia Advisory: SA24168
Release Date: 2007-02-14
Last Update: 2007-05-30
Popularity: 7,829 views

Critical:
Less critical
Impact: Privilege escalation
System access
Where: From local network
Solution Status: Vendor Patch

OS:Sun Solaris 10
Sun Solaris 8
Sun Solaris 9

Subscribe: Instant alerts on relevant vulnerabilities

CVE reference:CVE-2003-0730
CVE-2006-6101
CVE-2006-6102
CVE-2006-6103


Description:
Sun has acknowledged some vulnerabilities in Sun Solaris, which can be exploited by malicious, local users to gain escalated privileges or by malicious users to compromise a vulnerable system.

For more information:
SA9651
SA23670

The vulnerabilities affect Solaris 8, 9, and 10 on both the x86 and SPARC platforms.

Solution:
Apply patches or follow workarounds suggested by the vendor.

-- Solaris 8 --

SPARC Platform:
Apply Patch 119067-06 or later and 109862-04 or later.

x86 Platform:
Apply Patch 119068-06 or later and 109863-04 or later.

-- Solaris 9 --

SPARC Platform:
Apply patch 112785-60 or later and 113923-03 or later.

x86 Platform:
Apply patch 112786-49 or later and 113924-03 or later.

-- Solaris 10 --

SPARC Platform:
Apply patch 119059-21 or later.

x86 Platform:
Apply patch 119060-20 or later and 118966-25 or later.

Changelog:
2007-05-30: Updated "Solution" with new information about patches for Solaris 9 and 10.

Original Advisory:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102803-1

Other References:
SA9651:
http://secunia.com/advisories/9651/

SA23670:
http://secunia.com/advisories/23670/


Track this Secunia Advisory
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.

Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.

About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.

Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
  
Latest Advisories

Today
New advisories: 8
New vulnerabilities: 20
Updated advisories: 11

Less // 167 views
Red Hat update for kernel
Less // 163 views
Ubuntu update for bind9
Less // 154 views
Ubuntu update for ntp
Less // 160 views
Red Hat update for bind

8th Jan, 2009
New advisories: 24
New vulnerabilities: 99
Updated advisories: 26


Solutions | More...  


Send Feedback to Secunia
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.

Ideas, suggestions, and other feedback are most welcome.

Most Popular - 3 Hours

1. XOOPS "mydirname" PHP Code Injection Vulnerability // 106 views
2. CuteNews Cross-Site Scripting and PHP Code Execution Vulnerabilities // 96 views
3. Ubuntu update for ntp // 56 views
4. Red Hat update for kernel // 56 views
5. Ubuntu update for bind9 // 52 views
6. Red Hat update for bind // 50 views
7. Sun Java JDK / JRE Multiple Vulnerabilities // 33 views
8. Adobe Flash Player Multiple Security Issues and Vulnerabilities // 25 views
9. Internet Explorer Data Binding Memory Corruption Vulnerability // 24 views
10. SAP GUI TabOne ActiveX Control Caption List Buffer Overflow // 24 views