Sun Products NSS TLS Session Renegotiation Plaintext Injection Vulnerability


SECUNIA ADVISORY ID: SA37566

VERIFY ADVISORY: http://secunia.com/advisories/37566/

DESCRIPTION: Sun has acknowledged a vulnerability in Sun Solaris and Sun Java Enterprise System, which can be exploited by malicious people to manipulate certain data.

For more information: SA37291

SOLUTION: The vulnerability is fixed in the following applications, which do not rely on TLS session renegotiation:

-- Linux --

Sun Java Enterprise System 2005Q4 and Sun Java Enterprise System 5 (for RHEL2.1 and RHEL3.0): Apply patch 142506-03 or later

Sun Java Enterprise System 5 (for RHEL4.0 and RHEL5.0): Apply patch 121656-21 or later

-- HP-UX --

Sun Java Enterprise System 2005Q4 and Sun Java Enterprise System 5: Apply patch 124379-12 or later

-- Windows --

Sun Java Enterprise System 2005Q4: Apply patch 124392-11 or later

Sun Java Enterprise System 5: Apply patch 125923-10 or later

Preliminary Temporary Patches, which disable TLS session renegotiation, have been released for the following applications: http://sunsolve.sun.com/tpatches

-- SPARC Platform --

Solaris 8: T-Patch T119209-22

Solaris 9: T-Patch T119211-22

Solaris 10: T-Patch T119213-21

Sun Java Enterprise System 5 (for Solaris 8, Solaris 9, and Solaris 10): T-Patch T125358-10

-- X86 Platform --

Solaris 9: T-Patch T119212-22

Solaris 10: T-Patch T119214-21

Sun Java Enterprise System 5 (for Solaris 8, Solaris 9, and Solaris 10): T-Patch T125359-10

ORIGINAL ADVISORY: http://sunsolve.sun.com/search/document.do?assetkey=1-66-273350-1

OTHER REFERENCES: SA37291: http://secunia.com/SA37291/

----------------------------------------------------------------------

About: This Advisory was delivered by Secunia as a free service to help everybody keep their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

----------------------------------------------------------------------
