Vigil@nce: Solaris, denial of service of applications using libICE
December 2008 by Vigil@nce
A network attacker can generate an error in libICE, stopping
applications linked with this library.
– Gravity: 2/4
– Consequences: denial of service of service
– Provenance: intranet client
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 15/12/2008
IMPACTED PRODUCTS
– OpenSolaris
– Sun Solaris
– Sun Trusted Solaris
DESCRIPTION
The libICE library (X Inter Client Exchange) is used by Gnome
software.
An attacker can use a port scanner to generate a segmentation
error in libICE. Technical details are unknown. This vulnerability
is a variant of VIGILANCE-VUL-6010 (https://vigilance.fr/tree/1/6010).
This vulnerability therefore can therefore be used to generate a
denial of service on applications linked with libICE.
CHARACTERISTICS
– Identifiers: 243566, 6748600, BID-32807, VIGILANCE-VUL-8331
– Url: http://vigilance.fr/vulnerability/8331