Multiple OpenSSL vulnerabilities in Sun SPARC Enterprise M-series XCP Firmware

Posted by RitwikGhoshal on Oracle Blogs See other posts from Oracle Blogs or by RitwikGhoshal
Published on Wed, 26 Sep 2012 00:48:46 +0000 Indexed on 2012/09/26 3:44 UTC
Read the original article Hit count: 258

Filed under:

/Alerts

CVE Description

CVSSv2 Base Score

Component

Product and Resolution

CVE-2008-5077 Improper Input Validation vulnerability

5.8

OpenSSL in XCP1113 Firmware

Sun SPARC Enterprise M3000	SPARC: 14216085
Sun SPARC Enterprise M4000	SPARC: 14216091
Sun SPARC Enterprise M5000	SPARC: 14216093
Sun SPARC Enterprise M8000	SPARC: 14216096
Sun SPARC Enterprise M9000	SPARC: 14216098

CVE-2008-7270 Cryptographic Issues vulnerability

4.3

CVE-2009-0590 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability

5.0

CVE-2009-3245 Improper Input Validation vulnerability

10.0

CVE-2010-4180 Cipher suite downgrade vulnerability

4.3

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.
Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Related posts about /Alerts

Alerts for when Login Failures Strike

as seen on SQL Team - Search for 'SQL Team'
When repeated SQL Server login failures occur, a DBA should investigate. It could just be someone repeatedly typing in the wrong password. Worst case is a virus attack flooding your network with connection requests. Receiving an e-mail while login failures are occurring allows DBAs to investigate… >>> More
Nagios Statistics for Notifications/Alerts

as seen on Server Fault - Search for 'Server Fault'
We have had our Nagios installation up for a year, and we are now required to give some statistics on how much it has worked and what it has done in the environment. As such, I was wondering if anyone knows if Nagios also holds data records on how many alerts and notifications it sends out? I am… >>> More
CVE-2006-3744 Multiple Integer overflow vulnerabilities in ImageMagick

as seen on Oracle Blogs - Search for 'Oracle Blogs'
CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2006-3744 Numeric Errors vulnerability 5.1 ImageMagick Solaris 10 SPARC: 136882-03 X86: 136883-03 This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.Information… >>> More
CVE-2014-3520 Privilege Escalation vulnerability in OpenStack Keystone

as seen on Oracle Blogs - Search for 'Oracle Blogs'
CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2014-3520 Privilege Escalation vulnerability 3.5 OpenStack Identity (Keystone) Solaris 11.2 11.2.1.5.0 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product… >>> More
CVE-2011-2896 Buffer overflow vulnerability in GIMP

as seen on Oracle Blogs - Search for 'Oracle Blogs'
CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2011-2896 Buffer Overflow vulnerability 5.1 GIMP Image Editor Solaris 10 SPARC: 147988-01 X86: 147989-01 Solaris 11 Express snv_151a + 7079990 This notification describes vulnerabilities fixed in third-party components that… >>> More

Developer IT