Note: This is an archival copy of Security Sun Alert 200181 as previously published on
Latest version of this security advisory is available from as Sun Alert 1000135.1.
Article ID : 1000135.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2010-05-20
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security Vulnerability in SunForum Involving the H.323 Protocol


Release Phase

Bug Id

Date of Workaround Release

Date of Resolved Release


Unprivileged local or remote users may be able to kill the SunForum process due to its improper handling of H.323 traffic. This is a type of Denial of Service (DoS).

This issue is described in NISCC Vulnerability Advisory 006489/H323 (see: which is referenced in CERT Advisory CA-2004-01 (see:

Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • SunForum 3.2 (for Solaris 2.6, 7, 8, and 9) or earlier without patch 111526-15
  • SunForum 3D 1.0 (for Solaris 8 and 9)


Should the described issue occur, the affected "SunForum" process may die due to a segmentation violation ("SEGV" signal). A core file may be generated in the working directory which "SunForum" was started in.


Until patches are available and can be applied, sites may wish to block access to the H.323 services from untrusted networks such as the Internet. Use a firewall or other packet-filtering technology to block the appropriate network ports:

  • 1720/TCP
  • 1720/UDP

Note: These are default ports only and may vary on a site-by-site basis. Consult your vendor or your firewall documentation for detailed instructions on how to configure the ports.


This issue is addressed in the following releases:

  • SunForum 3.2 (for Solaris 2.6, 7, 8, and 9) or earlier with patch 111526-15 or later

Note: SunForum 3D 1.0 will require an upgrade to SunForum 3.2 with patch 111526-15 to resolve this issue.

Modification History
Date: 16-JAN-2004
  • Updated Impact, Symptoms and Relief/Workaround sections

Date: 15-JUN-2004
  • Updated Impact and Relief/Workaround sections

Date: 12-NOV-2007
  • State: Resolved
  • Updated Resolution section



This solution has no attachment