CERTA-2003-AVI-165
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité dans Sun Solaris permet à un utilisateur local mal intentionné d'avoir accès à des informations sensibles.
Description
Une vulnérabilité dans l'appel système sysinfo() sous Sun Solaris permet à un utilisateur local mal intentionné de lire potentiellement n'importe quelle partie de la mémoire du noyau, pouvant contenir des informations sensibles.
Solution
Appliquer le correctif de sécurité selon la version de Solaris et la plate-forme impactée (cf. section Systèmes affectés et section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Sun Solaris 8 - Plates-formes SPARC et x86 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Sun Solaris 9 - Plates-formes SPARC uniquement.",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Sun Solaris 2.6 - Plates-formes SPARC et x86 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Sun Solaris 7 - Plates-formes SPARC et x86 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 dans l\u0027appel syst\u00e8me sysinfo() sous Sun Solaris permet\n\u00e0 un utilisateur local mal intentionn\u00e9 de lire potentiellement n\u0027importe\nquelle partie de la m\u00e9moire du noyau, pouvant contenir des informations\nsensibles.\n\n## Solution\n\nAppliquer le correctif de s\u00e9curit\u00e9 selon la version de Solaris et la\nplate-forme impact\u00e9e (cf. section Syst\u00e8mes affect\u00e9s et section\nDocumentation).\n",
"cves": [],
"links": [
{
"title": "Notification d\u0027alerte Sun #57340 :",
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57340"
}
],
"reference": "CERTA-2003-AVI-165",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2003-10-16T00:00:00.000000"
}
],
"risks": [
{
"description": "Divulgation d\u0027informations sensibles"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 dans Sun Solaris permet \u00e0 un utilisateur local mal\nintentionn\u00e9 d\u0027avoir acc\u00e8s \u00e0 des informations sensibles.\n",
"title": "Vuln\u00e9rabilit\u00e9 de l\u0027appel syst\u00e8me sysinfo sous Solaris",
"vendor_advisories": [
{
"published_at": null,
"title": "Notification d\u0027alerte Sun # 57340",
"url": null
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…