From; Panda Oxygen3 24h-365d wrote: "A hero is no braver than an ordinary man, but he is braver five minutes longer." Ralph Waldo Emerson, (1803-1882) US essayist & poet. - Local vulnerability in Sun Solaris libc - Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com) Madrid, June 8, 2005 - Sun has reported, at http://sunsolve.sun.com/search/document.do?assetkey=1-26-101740-1, a vulnerability in the Sun Solaris 10 'libc' and 'libproject' libraries, which could allow a local attacker to gain additional system privileges. The problem lies in the possibility of a local user calling 'libproject(3LIB)' to exploit a flaw in the 'libc(3LIB)' function '__init_suid_priv()' to gain additional privileges and even obtain root access. Sun has released the following updates: - For the SPARC platform: http://sunsolve.sun.com/pub-cgi/pdownload.pl?target=119689-02&method=h - For the x86 platform: http://sunsolve.sun.com/pub-cgi/pdownload.pl?target=118345-03&method=h NOTE: The addresses above may not show up on your screen as single lines. This would prevent you from using the links to access the web pages. If this happens, just use the 'cut' and 'paste' options to join the pieces of the URL. ------------------------------------------------------------ The 5 viruses most frequently detected by Panda ActiveScan, Panda Software's free online scanner: 1)Qhost.gen; 2)Netsky.P; 3)Sdbot.ftp; 4)Mhtredir.gen; 5)Shinwow.E. ------------------------------------------------------------ To contact with Panda Software, please visit: http://www.pandasoftware.com/about/contact/ ------------------------------------------------------------ *********** MIKE"S REPLY SEPARATOR *********** Mike ~ It is a good day if I learned something new. Editor MikesWhatsNews see a sample on my web page http://www3.telus.net/mikebike <mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe> http://www3.telus.net/mikebike/worm_removal.htm See my Anti-Virus pages http://virusinfo.hackfix.org/index <virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe> A Technical Support Alliance and OWTA Charter Member