-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Reference: CERT-EU Security Advisory 2012-0004 Title: Remote Security Vulnerability in Oracle Sun Solaris [1] Version history: 18.01.2012 Initial publication Summary ======= Oracle Sun Solaris is prone to a remote security vulnerability. Fixes are available.[2] + CVE-2012-0099 Remote Security Vulnerability [1] CVSS v2 Base Score: 5.0 (MEDIUM) Remote: Yes Credibility: Vendor Confirmed Impact: A remote user can send specially crafted data via SSH to cause partial denial of service conditions. [3] Original description ==================== The vulnerability can be exploited over the 'SSH' protocol. The 'sshd' sub component is affected.[1] No working exploit is known as yet. Vulnerable systems ================== Sun Solaris 9 Express Sun Solaris 10 Express Sun Solaris 11 Express What can you do? ================ Updates are available from the vendor. [2] What to tell your users? ======================== N/A More information ================ [1] http://www.securityfocus.com/bid/51500/info [2] http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html [3] http://www.securitytracker.com/id/1026538 Best regards, CERT-EU CERT-EU Pre-configuration Team (http://cert.europa.eu) Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu PGP KeyID 0x46AC4383 FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383 (DISCLAIMER: CERT-EU, the CERT for the EU institutions, is currently in its setup phase, until May 2012. Services are provided in a pilot fashion, and are not yet fully functional. Announcements, alerts and warnings are sent out in best effort manner, and to contact information currently known to us. We apologise if you are not the correct recipient, or if you had already been warned about this issue from another source . Format, content and way of alerting are subject to change in the future. Contact information or even the team name may change as well.) -----BEGIN PGP SIGNATURE----- Version: BCPG v1.39 iQJXBAEBAgBBBQJPFqIpOhxDRVJUIGZvciB0aGUgRXVyb3BlYW4gSW5zdGl0dXRp b25zIDxjZXJ0LWV1QGVjLmV1cm9wYS5ldT4ACgkQJ6QGykasQ4P3IBAArmoETbDK vbcTfgpRiMbaA2AWYHqq8I19XfCbpa6F3u/64QrEAkh264YCLhqyTwL8SvonTkv0 KUbSWCVQoR5K5Spj1QIeU3Yiz7BJGXkZPRgCybmxr8oL2ZMBaQwgGRMSIFMRAnoN er53a5ECPAalAXdjyuL/nkpJHLjWJGF0+SZJ7N/+unYrEA4tEWtgevwK6VW4NFxC 0vYsvnwfMENBmk4mMkVRdGZlWOZbBGxnsEPWssbyq5qmzff+PG1wGhfxxNip3gnz hBM0MbJMgtPOTQ2tHtXBpovrncDiYNufMHnpbd4t12UvoEX8czy1v47DB3Dqlu9U 0mfMsELLRGnWfgO6PV5M/sPv3ZADwVnJP53YzOW11DglhsjL3kvYvAZkuUAWKPNC gCO0DndGDm2F0szIaoCYVjUTc+OJmi69niKdyPx60Z6ItBMsG0Oajd9BFDMvjrx/ v7prlx/l9khzOF6cdQZcsh/gPVVXTXpocwzljJFjZetb1yCiRouIuIfmHdfopYce 9J7XPP4j1UBRUILlaQI1oJ3dwoR+CZ2vYBVBysAnlDK0tdswHjDfssbwrgcWIviv vXZpBp9lOSjz24p+HdX4onSDJ9/9YUTXJkRYOb56VDOGIknzdx3LKAOnhX61oYUt 4GwUfGxmiwEo8EMS1sA3wOh6W/TuSk7K9VI= =L51u -----END PGP SIGNATURE-----