The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Solaris: several vulnerabilities of July 2013

Summary of the vulnerability

Several vulnerabilities of Solaris are fixed by the Critical Patch Update (CPU) of July 2013.
Impacted products: Solaris, Trusted Solaris.
Severity of this bulletin: 3/4.
Number of vulnerabilities in this bulletin: 16.
Creation date: 17/07/2013.
References of this threat: BID-61230, BID-61239, BID-61245, BID-61247, BID-61248, BID-61250, BID-61254, BID-61258, BID-61259, BID-61261, BID-61263, BID-61266, BID-61267, BID-61271, BID-61273, BID-61275, CERTA-2013-AVI-416, CERTA-2013-AVI-427, cpujuly2013, CVE-2013-0398, CVE-2013-3745, CVE-2013-3746, CVE-2013-3748, CVE-2013-3750, CVE-2013-3752, CVE-2013-3753, CVE-2013-3754, CVE-2013-3757, CVE-2013-3765, CVE-2013-3773, CVE-2013-3786, CVE-2013-3787, CVE-2013-3797, CVE-2013-3799, CVE-2013-3813, VIGILANCE-VUL-13131.

Description of the vulnerability 

A Critical Patch Update fixes several vulnerabilities of Solaris.

An attacker can use a vulnerability of Kernel/STREAMS framework, in order to trigger a denial of service. [severity:3/4; BID-61267, CVE-2013-3753]

An attacker can use a vulnerability of Driver/IDM (iSCSI Data Mover), in order to trigger a denial of service. [severity:3/4; BID-61271, CVE-2013-3748]

An attacker can use a vulnerability of Kernel/VM, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-61258, CVE-2013-3750]

An attacker can use a vulnerability of HA for TimesTen, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-61259, CVE-2013-3754]

An attacker can use a vulnerability of Zone Cluster Infrastructure, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-61254, CVE-2013-3746]

An attacker can use a vulnerability of SMF/File Locking Services, in order to alter information, or to trigger a denial of service. [severity:3/4; BID-61263, CVE-2013-3757]

An attacker can use a vulnerability of Kernel, in order to obtain information, to alter information, or to trigger a denial of service. [severity:2/4; BID-61266, CVE-2013-3786]

An attacker can use a vulnerability of Libraries/PAM-Unix, in order to obtain or alter information. [severity:2/4; BID-61230, CVE-2013-3813]

An attacker can use a vulnerability of XSCF Control Package (XCP), in order to trigger a denial of service. [severity:2/4; BID-61247, CVE-2013-3773]

An attacker can use a vulnerability of Utility/Remote Execution Server (in.rexecd), in order to obtain information. [severity:2/4; BID-61250, CVE-2013-0398]

An attacker can use a vulnerability of Kernel, in order to trigger a denial of service. [severity:2/4; BID-61273, CVE-2013-3799]

An attacker can use a vulnerability of Kernel/VM, in order to trigger a denial of service. [severity:2/4; BID-61275, CVE-2013-3765]

An attacker can use a vulnerability of Filesystem/DevFS, in order to trigger a denial of service. [severity:2/4; BID-61239, CVE-2013-3797]

An attacker can use a vulnerability of Service Management Facility (SMF), in order to alter information. [severity:2/4; BID-61245, CVE-2013-3752]

An attacker can use a vulnerability of Kernel, in order to trigger a denial of service. [severity:2/4; BID-61248, CVE-2013-3787]

An attacker can use a vulnerability of Libraries/Libc, in order to trigger a denial of service. [severity:1/4; BID-61261, CVE-2013-3745]

This vulnerability announcement impacts software or systems such as Solaris, Trusted Solaris.

Our Vigil@nce team determined that the severity of this cybersecurity threat is important.

The trust level is of type "confirmed by the editor", with an origin of "intranet client".

This bulletin is about 16 vulnerabilities.

An attacker with expert ability can exploit the vulnerabilities in this bulletin.

Solutions for this threat 

Solaris: CPU of July 2013.
A Critical Patch Update is available:
  https://support.oracle.com/rs?type=doc&id=1547593.1
