   VULNERABILITY NOTE

CERT-In Vulnerability Note CIVN-2008-141
Vulnerability in the Solaris sendfilev() system call

Original Issue Date: September 03, 2008

Severity Rating: Low

System Affected

  • Solaris 10
  • OpenSolaris based upon builds snv_01 through snv_95

Overview

A vulnerability has been reported in the Sun Solaris sendfilev() system call that may allow a local malicious user to cause a Denial of Service.

Description

sendfilev() is a system call in Solaris 10. A vulnerability exists in the Sun Solaris sendfilev() system call that may allow a local user to panic the device by creating a carefully crafted web page, if Apache 2.2x is running on Solaris 10. Such an attempt may lead to a DoS attack.

Solutions

Apply appropriate patches as suggested by the vendor:
  • SPARC Platform
    • Solaris 10 without patch 137111-04
    • OpenSolaris based upon builds snv_96 or later

  • x86 Platform
    • Solaris 10 without patch 137112-04
    • OpenSolaris based upon builds snv_96 or later
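
One way to check a host against the patch IDs and build range listed in this note, as an added example that is not part of the CERT-In note or the vendor's alert. It assumes `showrev -p` output in its usual `Patch: ... Obsoletes: ... Requires: ...` form on stdin and treats an equal or later revision, or an installed patch that obsoletes one, as carrying the fix; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify a host against the patch IDs and build range in this note.

# Patch ID the note lists for each platform (argument: output of `uname -p`).
required_patch() {
    case "$1" in
        sparc) echo "137111-04" ;;
        i386)  echo "137112-04" ;;
        *)     return 1 ;;
    esac
}

# Reads `showrev -p` output on stdin. Succeeds if the required patch is present
# at the same or a later revision, either installed or listed under Obsoletes:.
# Assumption: a later revision or an obsoleting patch contains the same fix.
patch_satisfied() {
    awk -v base="${1%-*}" -v rev="${1#*-}" '
        $1 == "Patch:" {
            for (i = 2; i <= NF && $i != "Requires:"; i++) {
                id = $i; sub(/,$/, "", id)
                if (split(id, p, "-") == 2 && p[1] == base && p[2] + 0 >= rev + 0)
                    found = 1
            }
        }
        END { exit found ? 0 : 1 }'
}

# OpenSolaris: the note lists snv_01 through snv_95 as affected (argument: `uname -v`).
build_affected() {
    n=$(printf '%s\n' "$1" | sed -n 's/^snv_0*\([0-9][0-9]*\).*/\1/p')
    [ -n "$n" ] && [ "$n" -ge 1 ] && [ "$n" -le 95 ]
}

# assess ARCH UNAME_V < showrev-output  -> prints "affected" or "not affected"
assess() {
    case "$2" in
        snv_*) if build_affected "$2"; then echo "affected"; else echo "not affected"; fi ;;
        *)     req=$(required_patch "$1") || { echo "unknown platform"; return 2; }
               if patch_satisfied "$req"; then echo "not affected"; else echo "affected"; fi ;;
    esac
}

# Constructed sample line in `showrev -p` format (not from a real host):
SAMPLE='Patch: 137111-03 Obsoletes: Requires: 118833-36 Incompatibles: Packages: SUNWckr'
printf '%s\n' "$SAMPLE" | assess sparc "Generic_137111-03"   # prints "affected"
# On a live host: showrev -p | assess "$(uname -p)" "$(uname -v)"
```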

Vendor Information

SUN
http://sunsolve.sun.com/search/document.do?assetkey=1-66-239186-1

References

Secunia
http://secunia.com/advisories/31426/

SecurityFocus
http://www.securityfocus.com/bid/30654

FrSIRT
http://www.frsirt.com/english/advisories/2008/2337

IBM ISS
http://xforce.iss.net/xforce/xfdb/44396

CVE Name
CVE-2008-3666

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003