CERT-In Advisory CIAD-2006-21
Denial of Service vulnerabilities in Sun Solaris
Original issue date: July 18, 2006
Severity Rating: High
Systems Affected
Sun Solaris version 8/9/10 on SPARC and x86 platforms
Overview
Multiple vulnerabilities have been reported in Sun Solaris, which could be exploited by remote users to cause a Denial of Service.
Description
NIS server ypserv (1M) Denial of Service vulnerability
A vulnerability has been reported in the ypserv (1M) NIS server process. A remote attacker could exploit this vulnerability by sending specially crafted yp data to the ypserv (1M) NIS server process, preventing it from responding to any NIS name service request and leading to a denial of service on the remote server.
X Inter Client Exchange library (libICE) Denial of Service vulnerability
A vulnerability has been reported in the X Inter Client Exchange library (libICE) due to an exception handling error in the library. A remote attacker could exploit this vulnerability by sending specially crafted data to crash applications that dynamically link to the vulnerable libICE library.
Solution
Apply the appropriate patches suggested by the vendor.
Vendor Information
SUN
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102462-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102503-1
References
Security Tracker
http://securitytracker.com/alerts/2006/Jul/1016494.html
http://securitytracker.com/alerts/2006/Jul/1016495.html
Fr-SIRT
http://www.frsirt.com/english/advisories/2006/2800
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information

Phone: +91 11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
