Sun Cluster Vulnerable to OpenSSL Flaw
Page 1 of 1
on Wednesday warned that systems running Sun Cluster 3.x with SunPlex Manager configured were at risk of takeover because of known flaws in the OpenSSL
In a security advisory, Sun recommended that the SunPlex Manager be disabled until a comprehensive patch is ready, warning that exploitation of the vulnerability could lead to arbitrary code execution and denial-of-service scenarios.
Independent research firm Secunia is rating the vulnerability as "moderately critical."
The confirmation of the system access and DoS
All versions of OpenSSL up to and including 0.9.6j and 0.9.7b and all versions of SSLeay were updated. The OpenSSL project said any application that makes use of OpenSSL's ASN1 library to parse untrusted data was also susceptible.
The OpenSSL holes carries a "highly critical" rating.