Uočeni nedostatak operacijskog sustava Sun Solaris može uzrokovati izvođenje DoS napada, a ispravke su uključene u novim inačicama. Sigurnosna ranjivost posljedica je neispravnog rada modula "mod_cache" i "mod_dav". Udaljeni napadač može uspješnim podmetanjem posebno oblikovanih zahtjeva uzrokovati napad uskraćivanjem usluga (eng. Denial of Service, DoS) na osjetljivom sustavu. Korisnicima se, u svrhu zaštite, savjetuje instalacija nove inačice sustava koja uključuje ispravke opisane nepravilnosti.
Sun Solaris HTTP Server "mod_dav" Remote Denial of Service Vulnerability
VUPEN ID VUPEN/ADV-2011-0291
CVE ID CVE-2010-1452
CWE ID Available in VUPEN VNS Customer Area
CVSS V2 Available in VUPEN VNS Customer Area
Rated as Low Risk
Impact Available in VUPEN VNS Customer Area
Authentication Level Available in VUPEN VNS Customer Area
Access Vector Available in VUPEN VNS Customer Area
Release Date 2011-02-07
Share Twitter LinkedIn Facebook Delicious Digg Slashdot
Technical Description
A vulnerability has been identified in Sun Solaris, which could be exploited by remote attackers to cause a denial of service. This issue is caused by an error in the HTTP server. For additional information, see : VUPEN/ADV-2010-1965
Affected Products
Sun Solaris 10
Solution
Sun Solaris 10 (SPARC) - Apply patch 120543-22
Sun Solaris 10 (X86) - Apply patch 120544-22
References
http://www.vupen.com/english/advisories/2011/0291
http://blogs.sun.com/security/entry/cve_2010_1452_mod_dav
Changelog
2011-02-07 : Initial release
Posljednje sigurnosne preporuke