Sun patches two Solaris security holes

Sun Microsystems Inc. released a patch that closed two security holes in its Solaris operating system Tuesday. The holes could have allowed an attacker to take control of vulnerable systems.

The vulnerabilities affect the snmpdx and mibiisa agents that are components of versions 2.6, 7 and 8 of the company’s Solaris operating system, according to an alert from Sun, in Palo Alto, California. The two affected agents both run with root privileges, the highest level of access on systems, and are part of the OS’s SNMP (Simple Network Management Protocol) capabilities. The capabilities allow for device configuration and administration. The snmpdx agent monitors SNMP requests and information from the system and forwards relevant information on to mibiisa, Sun said.

The vulnerabilities come in the form of a format string vulnerability in snmpdx and a buffer overflow in mibiisa, Sun said. Both vulnerabilties can be exploited locally and remotely, the company said.

The flaw is mitigated because the vulnerabilities only exist on systems running Sun Solstice Enterprise Master Agent, snmpdx and mibiisa, Sun added.

Patches for the affected operating systems are available at http://sunsolve.sun.com/securitypatch.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now