Sun.Solaris.JavaWebConsole.Format.String
Description
There is a format string vulnerability in Sun Solaris and Java Web Console. The vulnerability may occur when calling the "syslog()" function to log a failed login attempt. It may be exploited to execute arbitrary code by sending malformed authentication data.
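The bug class described above, shown as an added C example. It is not Sun's code: the function names and the sample login string are hypothetical, and the vulnerable call is compiled only when SHOW_VULNERABLE is defined, so the hardened form is what runs by default.

```c
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Copy an untrusted login name into out, replacing control bytes with '?'
 * so a crafted name cannot inject extra lines into the log. '%' is left
 * alone: it is harmless once the name is passed as data, not as the format. */
size_t sanitize_login(char *out, size_t outsz, const char *login)
{
    size_t i = 0;
    if (outsz == 0)
        return 0;
    for (; login[i] != '\0' && i + 1 < outsz; i++) {
        unsigned char c = (unsigned char)login[i];
        out[i] = (c < 0x20 || c == 0x7f) ? '?' : (char)c;
    }
    out[i] = '\0';
    return i;
}

/* Build the log line; the untrusted name is only ever an argument to %s. */
int format_login_failure(char *out, size_t outsz, const char *login)
{
    char clean[64];
    sanitize_login(clean, sizeof clean, login);
    return snprintf(out, outsz, "login failed for user '%s'", clean);
}

/* Hypothetical failed-login logger (assumed name, not from the advisory). */
void log_login_failure(const char *login)
{
    char msg[128];
    format_login_failure(msg, sizeof msg, login);
#ifdef SHOW_VULNERABLE
    /* Vulnerable pattern: attacker-influenced text is used as the format,
     * so any conversion specifiers in it are interpreted by syslog(). */
    syslog(LOG_AUTH | LOG_NOTICE, msg);
#else
    /* Hardened: constant format string, message passed as data. */
    syslog(LOG_AUTH | LOG_NOTICE, "%s", msg);
#endif
}

int main(void)
{
    log_login_failure("alice%x%x\n%n"); /* constructed sample input */
    return 0;
}
```

Building with `-Wformat -Wformat-security` makes GCC and Clang warn on the non-literal format call when SHOW_VULNERABLE is defined, which is a practical way to find the same pattern in other code.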
Affected Products
Sun Solaris 10 prior to 11/06
Sun Java Web Console versions 2.2.2 through 2.2.5.
Impact
System compromise: remote code execution.
Recommended Actions
Update to Sun Java Web Console version 2.2.6 or apply patches.
Sun Java Web Console 2.2.6:
http://www.sun.com/download/products.xml?id=461d58be
Sun Solaris 10, SPARC platform:
Apply patch 121211-02.
Sun Solaris 10, x86 platform:
Apply patch 121212-02.
Coverage
IPS (Regular DB)
IPS (Extended DB)