Sun Microsystems Inc. Information for VU#266817

Multiple Sun RPC-based libc implementations fails to provide time-out mechanism when reading data from TCP connections



Vendor Statement

Sun confirms that this denial-of-service vulnerability does affect the following supported versions of Solaris:

Solaris 2.6 and 7

Solaris 8 and 9 are not affected by this issue.

Patches are available for Solaris 2.6 and 7 and are listed in a Sun Alert soon to be available from:


Sun patches are available from:

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.