The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Solaris: several vulnerabilities of October 2012

Synthesis of the vulnerability 

Several vulnerabilities of Solaris are corrected by the Critical Patch Update (CPU) of October 2012.
Vulnerable products: Solaris, Trusted Solaris.
Severity of this weakness: 3/4.
Number of vulnerabilities in this bulletin: 17.
Creation date: 17/10/2012.
References of this bulletin: BID-56012, BID-56016, BID-56023, BID-56029, BID-56034, BID-56038, BID-56048, BID-56049, BID-56052, BID-56053, BID-56060, BID-56062, BID-56064, BID-56069, BID-56074, BID-56077, CERTA-2012-AVI-586, cpuoct2012, CVE-2012-0217, CVE-2012-3165, CVE-2012-3187, CVE-2012-3189, CVE-2012-3199, CVE-2012-3203, CVE-2012-3204, CVE-2012-3205, CVE-2012-3206, CVE-2012-3207, CVE-2012-3208, CVE-2012-3209, CVE-2012-3210, CVE-2012-3211, CVE-2012-3212, CVE-2012-3215, CVE-2012-5095, VIGILANCE-VUL-12078, VU#649219.

Description of the vulnerability 

A Critical Patch Update corrects several vulnerabilities of Solaris.

A remote attacker can use a vulnerability of Kernel, in order to create a denial of service. [severity:3/4; BID-56077, CVE-2012-3210]

An attacker can use a vulnerability of iSCSI COMSTAR, in order to create a denial of service. [severity:3/4; BID-56064, CVE-2012-3189]

An attacker can use a vulnerability of Gnome Trusted Extension, in order to obtain information, to alter information, or to create a denial of service. [severity:2/4; BID-56052, CVE-2012-3199]

An administrator in a paravirtualized 64-bit guest system can use the SYSRET instruction with an invalid RIP, in order to execute code on the host system with a 64-bit Intel processor (VIGILANCE-VUL-11693). [severity:2/4; CVE-2012-0217, VU#649219]

An attacker can use a vulnerability of Gnome Trusted Extension, in order to obtain information, to alter information, or to create a denial of service. [severity:2/4; BID-56048, CVE-2012-3204]

An attacker can use a vulnerability of Kernel, in order to obtain information, to alter information, or to create a denial of service. [severity:2/4; BID-56060, CVE-2012-3187]

An attacker can use a vulnerability of Logical Domain (LDOM), in order to alter information, or to create a denial of service. [severity:2/4; BID-56074, CVE-2012-3209]

An attacker can use a vulnerability of Kernel, in order to create a denial of service. [severity:2/4; BID-56062, CVE-2012-3207]

An attacker can use a vulnerability of Kernel/RCTL, in order to create a denial of service. [severity:2/4; BID-56069, CVE-2012-3208]

An attacker can use a vulnerability of Kernel, in order to create a denial of service. [severity:3/4; BID-56038, CVE-2012-3212]

An attacker can use a vulnerability of Kernel/System Call, in order to create a denial of service. [severity:2/4; BID-56049, CVE-2012-3211]

An attacker can use a vulnerability of inetd, in order to obtain information, to alter information, or to create a denial of service. [severity:2/4; BID-56029, CVE-2012-5095]

An attacker can use a vulnerability of mailx, in order to obtain or alter information. [severity:2/4; BID-56016, CVE-2012-3165]

An attacker can use a vulnerability of SPARC T3/T4, in order to obtain information. [severity:1/4; BID-56023, CVE-2012-3206]

An attacker can use a vulnerability of Gnome Display Manager (GDM), in order to create a denial of service. [severity:1/4; BID-56053, CVE-2012-3203]

An attacker can use a vulnerability of Vino server, in order to alter information. [severity:1/4; BID-56034, CVE-2012-3205]

An attacker can use a vulnerability of Kernel, in order to obtain information. [severity:1/4; BID-56012, CVE-2012-3215]

This cybersecurity threat impacts software or systems such as Solaris, Trusted Solaris.

Our Vigil@nce team determined that the severity of this computer threat note is important.

The trust level is of type confirmed by the editor, with an origin of internet client.

This bulletin is about 17 vulnerabilities.

An attacker with an expert ability can exploit this security threat.

Solutions for this threat 

Solaris: CPU of October 2012.
A Critical Patch Update is available:
  https://support.oracle.com/rs?type=doc&id=1475188.1