-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Reference: CERT-EU Security Advisory 2012-0004
 
Title: Remote Security Vulnerability in Oracle Sun Solaris [1]
 
Version history:
18.01.2012 Initial publication

Summary
=======
Oracle Sun Solaris is prone to a remote security vulnerability. Fixes are available.[2]
 
+ CVE-2012-0099 Remote Security Vulnerability [1]
CVSS v2 Base Score: 5.0 (MEDIUM)

Remote: Yes
Credibility: Vendor Confirmed
Impact: A remote user can send specially crafted data via SSH to cause partial denial of service conditions. [3]

Original description
====================
The vulnerability can be exploited over the 'SSH' protocol. The 'sshd' sub component is affected.[1]
No working exploit is known as yet.

Vulnerable systems
==================
Sun Solaris 9 Express
Sun Solaris 10 Express
Sun Solaris 11 Express

What can you do?
================
Updates are available from the vendor. [2]

What to tell your users?
========================
N/A

More information
================
[1] http://www.securityfocus.com/bid/51500/info
[2] http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
[3] http://www.securitytracker.com/id/1026538

Best regards,
CERT-EU
CERT-EU Pre-configuration Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383

(DISCLAIMER: CERT-EU, the CERT for the EU institutions, is currently in its setup phase, until May 2012. Services are provided in  a pilot fashion, and are not yet fully functional. Announcements, alerts and warnings are sent out in best effort manner, and to  contact information currently known to us. We apologise if you are not the correct recipient, or if you had already been warned  about this issue from another source . Format, content and way of alerting are subject to change in the future. Contact  information or even the team name may change as well.)
-----BEGIN PGP SIGNATURE-----
Version: BCPG v1.39

iQJXBAEBAgBBBQJPFqIpOhxDRVJUIGZvciB0aGUgRXVyb3BlYW4gSW5zdGl0dXRp
b25zIDxjZXJ0LWV1QGVjLmV1cm9wYS5ldT4ACgkQJ6QGykasQ4P3IBAArmoETbDK
vbcTfgpRiMbaA2AWYHqq8I19XfCbpa6F3u/64QrEAkh264YCLhqyTwL8SvonTkv0
KUbSWCVQoR5K5Spj1QIeU3Yiz7BJGXkZPRgCybmxr8oL2ZMBaQwgGRMSIFMRAnoN
er53a5ECPAalAXdjyuL/nkpJHLjWJGF0+SZJ7N/+unYrEA4tEWtgevwK6VW4NFxC
0vYsvnwfMENBmk4mMkVRdGZlWOZbBGxnsEPWssbyq5qmzff+PG1wGhfxxNip3gnz
hBM0MbJMgtPOTQ2tHtXBpovrncDiYNufMHnpbd4t12UvoEX8czy1v47DB3Dqlu9U
0mfMsELLRGnWfgO6PV5M/sPv3ZADwVnJP53YzOW11DglhsjL3kvYvAZkuUAWKPNC
gCO0DndGDm2F0szIaoCYVjUTc+OJmi69niKdyPx60Z6ItBMsG0Oajd9BFDMvjrx/
v7prlx/l9khzOF6cdQZcsh/gPVVXTXpocwzljJFjZetb1yCiRouIuIfmHdfopYce
9J7XPP4j1UBRUILlaQI1oJ3dwoR+CZ2vYBVBysAnlDK0tdswHjDfssbwrgcWIviv
vXZpBp9lOSjz24p+HdX4onSDJ9/9YUTXJkRYOb56VDOGIknzdx3LKAOnhX61oYUt
4GwUfGxmiwEo8EMS1sA3wOh6W/TuSk7K9VI=
=L51u
-----END PGP SIGNATURE-----