Multiple vulnerabilities have been reported in Oracle Solaris, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and gain escalated privileges and by malicious people to disclose potentially sensitive information and manipulate certain data.

1) An unspecified error in the bsmconv and bsmunconv components can be exploited by local users to gain escalated privileges.

2) An unspecified error in the Kernel/sockfs component can be exploited by local users to cause a crash.

3) An unspecified error in the gssd component can be exploited by local users to gain escalated privileges.

4) An unspecified error in the Password Policy component can be exploited by local users to gain escalated privileges.

5) An unspecified error in the Kernel/Privileges component can be exploited by local users to gain escalated privileges.

6) An unspecified error in the SCTP component can be exploited by local users to cause a crash.

7) An unspecified error in the libsasl component can be exploited to read, update, insert, or delete certain Solaris accessible data.

8) An unspecified error in the Kernel/GLD component can be exploited by authenticated users to read certain Solaris accessible data.

The vulnerabilities are reported in versions 8, 9, 10, and 11.

Solution
Apply updates (please see the vendor's advisory for details).

Provided and/or discovered by
It is currently unclear who reported the vulnerabilities as the Oracle Critical Patch Update for April 2012 only provides a bundled list of credits. This section will be updated when/if the original reporters provide more information.

Original Advisory
Oracle:
http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html#AppendixSUNS

Other references
Further details available to Secunia VIM customers

Deep Links
Links available to Secunia VIM customers