Sun Microsystems Inc. Information for VU#850785

Sun KCMS library service daemon does not adequately validate location of KCMS profiles



Vendor Statement

Sun confirms that this kcms_server(1) vulnerability does affect all currently supported versions of Solaris:

Solaris 2.6, 7, 8, and 9
Sun will be releasing a Sun Alert which describes two possible workarounds until a final resolution is reached which will be available from the following location shortly:


The Sun Alert will be updated once a final resolution is available.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.