Sun Microsystems Inc. Information for VU#650937

Home | FAQ | Contact | Privacy Policy

Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information

View Notes By

Other Documents

Sun Microsystems Inc. Information for VU#650937

Date Notified:	2003-01-20
Date Updated:
Statement Date:
Status Summary:	Vulnerable

Vendor Statement

Sun does not include CVS with Solaris and therefore Solaris is not affected by this issue. Sun does provide CVS on the Solaris Companion CD:

http://wwws.sun.com/software/solaris/freeware/index.html

as an unsupported package which installs to /opt/sfw and is vulnerable to this issue. Sites using the freeware version of CVS from the Solaris Companion CD will have to upgrade to a later version from CVS Home.

Sun Linux, versions 5.0.3 and below, does ship with a vulnerable CVS package. Sun recommends that CVS services be disabled on affected Sun Linux systems until patches are available for this issue.

Sun will be publishing a Sun Alert for Sun Linux describing the patch information which will be available from:

http://sunsolve.Sun.COM

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Sun Cobalt Legacy Products and Linux 5.0.3 are vulnerable:

http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/50439&zone_32=category:security

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Produced 2009 by US-CERT, a government organization
Disclaimers and copyright information