Sun plugs hole in Solaris kernel
A vulnerability in the Solaris kernel could allow users on multi-user systems to spy on other users' data. The flaw is related to an integer overflow in the systeminfo.c. module, reports iDefense. When certain parameters are entered, the function copies parts of the kernel memory into the user space, even if the process is being called up by a user with restricted rights. Under certain circumstances , attackers could be provided data such as keys and passwords. The flaw affects Solaris 10. Sun has released an update for Sparc and x86.
- Potential Kernel Memory Disclosure Vulnerability in the Solaris sysinfo(2) System Call, Alert notification from Sun
- Sun Microsystems Solaris sysinfo() Kernel Memory Disclosure Vulnerability, Advisory from iDefense
(ehe)