Sun Microsystems Inc. Information for VU#850785
Sun KCMS library service daemon does not adequately validate location of KCMS profiles
Sun confirms that this kcms_server(1) vulnerability does affect all currently supported versions of Solaris:
Solaris 2.6, 7, 8, and 9
Sun will be releasing a Sun Alert which describes two possible workarounds until a final resolution is reached which will be available from the following location shortly:
The Sun Alert will be updated once a final resolution is available.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.