Note: This is an archival copy of Security Sun Alert 243566 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1019677.1.
Solaris 8 Operating System
Solaris 9 Operating System
Solaris 10 Operating System
Date of Resolved Release
A security vulnerability in the X Inter Client Exchange library (libICE):
A security vulnerability in the X Inter Client Exchange library (libICE) may allow a local or remote unprivileged user to crash an application that dynamically links to libICE. The ability to crash an application is a type of Denial of Service (DoS).
2. Contributing Factors
This issue can occur in the following releases:
To determine the base build of OpenSolaris, the following command can be used:
$ uname -v
Note 2: Only OpenSolaris installations including the affected library "/usr/lib/libICE.so.6" or the corresponding 64-bit library, "/usr/lib/amd64/libICE.so.6" are impacted by this issue.
To determine if an application is linked with the libICE library, the ldd(1) utility can be utilized:
$ ldd /usr/openwin/bin/xset | grep libICE
Note 3: Applications that don't list the libICE library as a dynamic dependency in the ldd(1) output may open the library during process execution using functions such as dlopen(3C) and therefore may still be impacted.
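The following sketch is an added example, not part of the original Sun Alert. It extends the single ldd(1) check above to whole directories and, for the dlopen(3C) case in Note 3, to running processes using pldd(1). The function names and the LDD/PLDD override variables are assumptions made for this illustration.

```sh
#!/bin/sh
# Added example: inventory of libICE consumers.
# LDD and PLDD are hypothetical override variables so another tool path
# (or a stub with constructed output) can be substituted.
LDD=${LDD:-ldd}
PLDD=${PLDD:-pldd}

# Succeeds if the text on stdin (ldd or pldd output) names a libICE object.
# Output is redirected instead of using "grep -q", which older greps lack.
mentions_libice() {
    grep 'libICE\.so' >/dev/null 2>&1
}

# Print each executable regular file in the given directories whose
# link-time dependency list, as reported by ldd(1), includes libICE.
scan_binaries() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for f in "$dir"/*; do
            [ -f "$f" ] && [ -x "$f" ] || continue
            # ldd reports errors for scripts and non-ELF files; ignore them.
            if "$LDD" "$f" 2>/dev/null | mentions_libice; then
                echo "$f"
            fi
        done
    done
}

# Print each PID from the argument list that currently has libICE loaded.
# This also catches libraries opened at run time with dlopen(3C) (Note 3),
# which a static ldd check cannot see.
scan_processes() {
    for pid in "$@"; do
        if "$PLDD" "$pid" 2>/dev/null | mentions_libice; then
            echo "$pid"
        fi
    done
}

# Example run (/usr/openwin/bin is taken from the ldd example in this alert;
# /usr/bin is an assumed additional directory):
#   scan_binaries /usr/openwin/bin /usr/bin
#   scan_processes `ps -e -o pid=`
```

Run the process scan with sufficient privilege to inspect other users' processes; PIDs that cannot be inspected are silently skipped.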
If the described issue occurs, the application linked to the libICE library will exit. A Segmentation Fault error message and core(4) file may be generated. A typical stack trace will be similar to the following:
fed37065 _IceRead (8196cf0, 8, 81aca00) + ad
A number of applications that make up the GNOME desktop environment dynamically link with libICE. This may cause users to be logged out of the GNOME desktop environment with a dialog message stating that the Gnome session manager has crashed. When this dialog box is closed, the session exits.
There is no workaround for this issue. Please see the Resolution section below.
This issue is addressed in the following releases:
For more information on Security Sun Alerts, see 1009886.1.
Copyright 2000-2008 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.