Sun Microsystems Inc. Information for VU#850785

Sun KCMS library service daemon does not adequately validate location of KCMS profiles

Status

Affected

Vendor Statement

Sun confirms that this kcms_server(1) vulnerability does affect all currently supported versions of Solaris:

    Solaris 2.6, 7, 8, and 9

Sun will be releasing a Sun Alert which describes two possible workarounds until a final resolution is reached which will be available from the following location shortly:

The Sun Alert will be updated once a final resolution is available.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.