Sun Microsystems Inc. Information for VU#266817

Multiple Sun RPC-based libc implementations fails to provide time-out mechanism when reading data from TCP connections

Status

Affected

Vendor Statement

Sun confirms that this denial-of-service vulnerability does affect the following supported versions of Solaris:

Solaris 2.6 and 7

Solaris 8 and 9 are not affected by this issue.

Patches are available for Solaris 2.6 and 7 and are listed in a Sun Alert soon to be available from:

http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fsalert/50391

Sun patches are available from:

http://sunsolve.sun.com/securitypatch

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.