[security-alerts] FW: [SA24927] Sun Solaris and Java Web Console Format String Vulnerability

["Kazennov, Vladimir" <Vladimir.Kazennov@xxxxxxxxxx>]

> 
> TITLE:
> Sun Solaris and Java Web Console Format String Vulnerability
> 
> SECUNIA ADVISORY ID:
> SA24927
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/24927/
> 
> CRITICAL:
> Highly critical
> 
> IMPACT:
> System access
> 
> WHERE:
> From remote
> 
> OPERATING SYSTEM:
> Sun Solaris 10
> http://secunia.com/product/4813/
> 
> SOFTWARE:
> Sun Java Web Console 2.x
> http://secunia.com/product/13968/
> 
> DESCRIPTION:
> Frank Dick has reported a vulnerability in Sun Solaris and Java Web
> Console, which potentially can be exploited by malicious people to
> compromise a vulnerable system.
> 
> The vulnerability is caused due to a format string error when calling
> the "syslog()" function to log failed logins. This may be exploited to
> execute arbitrary code by logging in with specially crafted
> credentials.
> 
> The vulnerability is reported in Sun Solaris 10 prior to 11/06 and
> Sun Java Web Console versions 2.2.2 through 2.2.5.
> 
> SOLUTION:
> Update to Sun Java Web Console version 2.2.6 or apply patches.
> 
> Sun Java Web Console 2.2.6:
> http://www.sun.com/download/products.xml?id=461d58be
> 
> Sun Solaris 10, SPARC platform:
> Apply patch 121211-02.
> http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:do
> cid:1-21-121211-02-1
> 
> Sun Solaris 10, x86 platform:
> Apply patch 121212-02.
> http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:do
> cid:1-21-121212-02-1
> 
> PROVIDED AND/OR DISCOVERED BY:
> Frank Dick, n.runs AG
> 
> ORIGINAL ADVISORY:
> Sun Microsystems:
> http://sunsolve.sun.com/search/document.do?assetkey=1-26-102854-1
> 
> n.runs AG:
> http://www.nruns.com/security_advisory_sun_java_format_string.php
>