ðòïåëôù 

  áòèé÷ 

Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 

  óôáôøé 

  ðåòóïîáìøîïå 

  ðòïçòáííù 

ðéûéôå
ðéóøíá














     áòèé÷ :: Security-alerts
Security-Alerts mailing list archive (security-alerts@yandex-team.ru)
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] FW: [SA25597] Sun Java System Products NSS SSLv2 Processing Buffer Overflows

> 
> TITLE:
> Sun Java System Products NSS SSLv2 Processing Buffer Overflows
> 
> SECUNIA ADVISORY ID:
> SA25597
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/25597/
> 
> CRITICAL:
> Highly critical
> 
> IMPACT:
> System access
> 
> WHERE:
> From remote
> 
> SOFTWARE:
> Sun Java System Web Server (Sun ONE/iPlanet) 6.x
> http://secunia.com/product/92/
> Sun Java System Web Proxy Server 4.x
> http://secunia.com/product/12788/
> Sun Java System Application Server 8.x
> http://secunia.com/product/3509/
> Sun Java System Web Server 7.x
> http://secunia.com/product/14474/
> 
> DESCRIPTION:
> Sun has acknowledged some vulnerabilities in various Sun Java System
> products, which potentially can be exploited by malicious people to
> compromise a vulnerable system.
> 
> For more information:
> SA24253
> 
> The vulnerabilities are reported in the following products:
> 
> SPARC, x86, Linux, and Windows platform:
> * Sun Java System Application Server Enterprise Edition 8.1 2005 Q1
> * Sun Java System Application Server Platform Edition 8.1 2005 Q1
> * Sun Java System Web Server 6.1
> * Sun Java System Web Server 7.0
> * Sun Java System Web Proxy Server 4.0 without Service Pack 5
> 
> AIX Platform:
> * Sun Java System Web Server 6.1
> 
> HP-UX Platform:
> * Sun Java System Web Server 6.1
> * Sun Java System Web Server 7.0
> * Sun Java System Web Proxy Server 4.0 without Service Pack 5
> 
> Note: SSLv2 is disabled by default in the Sun Java System Application
> Server, Sun Java System Web Server, and Sun Java System Web Proxy
> Server.
> 
> SOLUTION:
> Apply patches or disable SSLv2.
> 
> -- SPARC Platform --
> 
> Sun Java System Application Server Enterprise Edition 8.1 2005 Q1:
> Apply (file-based) patch 119169-16 or later or (SVR4) patch 119166-24
> or later.
> http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:do
cid:1-21-119169-16-1
> http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:do
cid:1-21-119166-24-1
> 
> Sun Java System Application Server Platform Edition 8.1 2005 Q1:
> Apply (file-based) patch 119173-16 or later or (SVR4) patch 119166-24
> or later.
> http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:do
cid:1-21-119173-16-1
> http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:do
cid:1-21-119166-24-1
> 
> Sun Java System Web Proxy Server 4.0:
> Apply Service Pack 5 or later.
> http://www.sun.com/download/products.xml?id=4648dc96
> 
> -- x86 Platform --
> 
> Sun Java System Application Server Enterprise Edition 8.1 2005 Q1:
> Apply (file-based) patch 119170-16 or later or (SVR4) patch 119167-24
> or later.
> http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:do
cid:1-21-119170-16-1
> http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:do
cid:1-21-119167-24-1
> 
> Sun Java System Application Server Platform Edition 8.1 2005 Q1:
> Apply (file-based) patch 119174-16 or later or (SVR4) patch 119167-24
> or later.
> http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:do
cid:1-21-119174-16-1
> http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:do
cid:1-21-119167-24-1
> 
> Sun Java System Web Proxy Server 4.0:
> Apply Service Pack 5 or later.
> http://www.sun.com/download/products.xml?id=4648dc96
> 
> -- Linux Platform --
> 
> Sun Java System Application Server Enterprise Edition 8.1 2005 Q1:
> Apply (file-based) patch 119171-16 or later or RHEL2.1/RHEL3.0
> (Pkg_patch) 119168-24 or later.
> http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:do
cid:1-21-119171-16-1
> http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:do
cid:1-21-119168-24-1
> 
> Sun Java System Application Server Platform Edition 8.1 2005 Q1:
> Apply (file-based) patch 119175-16 or later or RHEL2.1/RHEL3.0
> (Pkg_patch) 119168-24 or later.
> http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:do
cid:1-21-119175-16-1
> http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:do
cid:1-21-119168-24-1
> 
> Sun Java System Web Proxy Server 4.0:
> Apply Service Pack 5 or later.
> http://www.sun.com/download/products.xml?id=4648dc96
> 
> -- HP-UX Platform --
> 
> Sun Java System Web Proxy Server 4.0:
> Apply Service Pack 5 or later.
> http://www.sun.com/download/products.xml?id=4648dc96
> 
> -- Windows Platform --
> 
> Sun Java System Application Server Enterprise Edition 8.1 2005 Q1:
> Apply (file-based) patch 119172-16 or later or (package based patch)
> 122848-09 or later.
> http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:do
cid:1-21-119172-16-1
> http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:do
cid:1-21-122848-09-1
> 
> Sun Java System Application Server Platform Edition 8.1 2005 Q1:
> Apply (file-based) patch 119176-16 or later.
> http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:do
cid:1-21-119176-16-1
> 
> Sun Java System Web Proxy Server 4.0:
> Apply Service Pack 5 or later.
> http://www.sun.com/download/products.xml?id=4648dc96
> 
> A final resolution is pending completion.
> 
> ORIGINAL ADVISORY:
> http://sunsolve.sun.com/search/document.do?assetkey=1-26-102945-1
> 
> OTHER REFERENCES:
> SA24253:
> http://secunia.com/advisories/24253/
> 
>

 



Copyright © Lexa Software, 1996-2009.