The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Solaris: several vulnerabilities of January 2014

Synthesis of the vulnerability 

Several vulnerabilities of Solaris were announced in January 2014.
Impacted products: Solaris, Trusted Solaris.
Severity of this bulletin: 2/4.
Number of vulnerabilities in this bulletin: 11.
Creation date: 15/01/2014.
Références of this threat: BID-64840, BID-64843, BID-64850, BID-64853, BID-64856, BID-64859, BID-64862, BID-64866, BID-64871, BID-64876, CERTA-2014-AVI-031, cpujan2014, CVE-2003-1067, CVE-2013-2924, CVE-2013-5821, CVE-2013-5833, CVE-2013-5834, CVE-2013-5872, CVE-2013-5875, CVE-2013-5876, CVE-2013-5883, CVE-2013-5885, CVE-2014-0390, VIGILANCE-VUL-14091.

Description of the vulnerability 

Several vulnerabilities were announced in Solaris.

An attacker can use a vulnerability of Localization (L10N), in order to obtain information, to alter information, or to trigger a denial of service. [severity:2/4; BID-64840, CVE-2003-1067]

An attacker can use a vulnerability of "ps", in order to obtain information, to alter information, or to trigger a denial of service. [severity:2/4; BID-64843, CVE-2013-5834]

An attacker can use a vulnerability of Filesystem, in order to trigger a denial of service. [severity:2/4; BID-64850, CVE-2013-5833]

An attacker can use a vulnerability of Kernel, in order to trigger a denial of service. [severity:2/4; BID-64853, CVE-2013-5876]

An attacker can use a vulnerability of Remote Procedure Call (RPC), in order to obtain information, to alter information, or to trigger a denial of service. [severity:2/4; BID-64856, CVE-2013-5821]

An attacker can use a vulnerability of Java Web Console, in order to alter information. [severity:2/4; BID-64859, CVE-2014-0390]

An attacker can use a vulnerability of Kernel, in order to alter information, or to trigger a denial of service. [severity:2/4; BID-64862, CVE-2013-5883]

An attacker can use a vulnerability of Role Based Access Control (RBAC), in order to alter information, or to trigger a denial of service. [severity:1/4; BID-64866, CVE-2013-5875]

An attacker can use a vulnerability of Name Service Cache Daemon (NSCD), in order to trigger a denial of service. [severity:1/4; BID-64871, CVE-2013-5872]

An attacker can use a vulnerability of Localization (L10N), in order to trigger a denial of service. [severity:1/4; CVE-2013-2924]

An attacker can use a vulnerability of Audit, in order to alter information. [severity:1/4; BID-64876, CVE-2013-5885]
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This weakness bulletin impacts software or systems such as Solaris, Trusted Solaris.

Our Vigil@nce team determined that the severity of this computer weakness is medium.

The trust level is of type confirmed by the editor, with an origin of user shell.

This bulletin is about 11 vulnerabilities.

An attacker with a expert ability can exploit this vulnerability announce.

Solutions for this threat 

Solaris: CPU of January 2014.
A Critical Patch Update is available:
  https://support.oracle.com/rs?type=doc&id=1607615.1
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides an applications vulnerabilities bulletin. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications.