Secunia Advisory: SA28151  
Release Date: 2007-12-19

Critical:
Moderately critical
Impact: Security Bypass
Where: From local network
Solution Status: Vendor Patch

Software:Sun Management Center (SunMC) 3.x
  Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS!
Description:
A security issue has been reported in Sun Management Center, which can be exploited by malicious people to bypass certain security restrictions.

The problem is caused due to an existing default account within the Oracle database component and can be exploited to gain access to the database and execute arbitrary code with privileges of the Oracle database server.

The security issue is reported in Sun Management Center 3.6.1, 3.6, and 3.5 Update 1.

Solution:
Apply patches.

Sun MC 3.5 Update 1 (for Solaris 8):
Patch 118388-11 or later
http://sunsolve.sun.com/search/docume...setkey=urn:cds:docid:1-21-118388-11-1

Sun MC 3.5 Update 1 (for Solaris 9):
Patch 118389-12 or later
http://sunsolve.sun.com/search/docume...setkey=urn:cds:docid:1-21-118389-12-1

Sun MC 3.6 (for Solaris 8):
Patch 127380-01 or later
http://sunsolve.sun.com/search/docume...setkey=urn:cds:docid:1-21-127380-01-1

Sun MC 3.6 (for Solaris 9):
Patch 127381-01 or later
http://sunsolve.sun.com/search/docume...setkey=urn:cds:docid:1-21-127381-01-1

Sun MC 3.6 (for Solaris 10):
Patch 127383-01 or later
http://sunsolve.sun.com/search/docume...setkey=urn:cds:docid:1-21-127383-01-1

Sun MC 3.6.1 (for Solaris 8):
Patch 123920-04 or later

Sun MC 3.6.1 (for Solaris 9):
Patch 123921-04 or later

Sun MC 3.6.1 (for Solaris 10):
Patch 123923-04 or later

Original Advisory:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103152-1

資料來源 http://secunia.com/advisories/28151/
arrow
arrow
    全站熱搜
    創作者介紹
    創作者 ivan0914 的頭像
    ivan0914

    I'n Blog 之萬象真藏

    ivan0914 發表在 痞客邦 留言(0) 人氣()

    E-mail轉寄