Sun Solaris Trusted Extensions Network Labeling Security Bypass - Security


Editor Login \| Register		Ekle

> World > Security

Sun Solaris Trusted Extensions Network Labeling Security Bypass - Security - World -

CWRedLight

(Date : 11.04.2008 17:24:34)

Sun Solaris Trusted Extensions Network Labeling Security Bypass

Secunia Advisory:	SA29730
Release Date:	2008-04-11

Critical:	Less critical
Impact:	Security Bypass
Where:	From local network
Solution Status:	Vendor Workaround

OS:	Sun Solaris 10

Description:
A vulnerability has been reported in Sun Solaris, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to an error in the implementation of Solaris Trusted Extensions. This can be exploited to bypass network labeling restrictions and transfer network data between untrusted applications in zones with different labels.

The vulnerability is reported in Solaris 10 11/06 release or later with Solaris Trusted Extensions enabled for both the SPARC and x86 platforms.

Solution:
Apply interim security reliefes (please see vendor advisory for details).

-- SPARC Platform --

Apply IDR137429-01 or IDR137431-01.

-- x86 Platform --

Apply IDR137430-01 or IDR137432-01.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-235421-1

Derecelendir

Kaynak

http://secunia.com/advisories/29730/

İçerik İhbarı

Bağlantılar: bilgininefendisi.net

Open Source Document Project

AUP&TOS