Note: This is an archival copy of Security Sun Alert 247346 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1019840.1.
Solaris 9 Operating System
Solaris 10 Operating System
Date of Resolved Release
A Security Vulnerability in the libxml2 Library May Lead to Denial of Service (DoS)
A security vulnerability in the libxml2 library (see libxml2(3)) bundled with Solaris 9 and Solaris 10 may allow a local or remote unprivileged user who provides a specially crafted XML file to cause a denial of service (DoS) to the application which is using the libxml2 library (or potentially to the system as a whole as the application may consume excessive resources). This vulnerability may impact applications making use of this library, and the precise impact will vary depending on the application.
Additional information regarding this issue is available in the following document:
CVE-2008-3529 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3529
2. Contributing Factors
This issue can occur in the following releases:
If this issue is exploited, the application which makes use of the libxml2 library to process the crafted XML file may be unresponsive, possibly consuming all available CPU or memory resources while looping. Commands such as prstat(1M) can be used to determine the utilization of system resources, as in the following example:
$ prstat -s cpu
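To turn the prstat check above into a repeatable triage step, the following added example (not part of the original Sun Alert) filters prstat output for processes over a CPU or memory threshold and uses pldd(1) to confirm whether a flagged process has libxml2 loaded. The function names, the thresholds, and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Solaris 9/10 /usr/bin/awk is the old awk; run with AWK=nawk on those hosts.
AWK=${AWK:-awk}

# Constructed sample in the column layout of `prstat -s cpu` (not from a real host).
SAMPLE_PRSTAT='   PID USERNAME  SIZE   RSS STATE  PRI NICE      TIME  CPU PROCESS/NLWP
  1234 webservd  412M  398M cpu1     0    0   1:42:07  48% xmlproc/1
  2210 webservd 1900M 1850M sleep   59    0   0:12:40 2.0% xmlproc/1
   567 root     5432K 3120K sleep   59    0   0:00:03 0.1% sshd/1
Total: 58 processes, 212 lwps, load averages: 1.02, 0.98, 0.75'

# flag_runaway CPU_MIN_PERCENT RSS_MIN_MB
# Reads prstat output on stdin; prints "PID PROCESS/NLWP reason" for each
# process at or above either threshold (reason is cpu, mem, or cpu+mem).
flag_runaway() {
    "$AWK" -v cpu_min="$1" -v rss_min="$2" '
        # Convert a prstat size such as 5432K, 398M or 2G to megabytes.
        function to_mb(v,   n, u) {
            u = substr(v, length(v)); n = v + 0
            if (u == "K") return n / 1024
            if (u == "G") return n * 1024
            return n
        }
        # Process rows start with a numeric PID; header and Total lines do not.
        $1 ~ /^[0-9]+$/ && NF >= 10 {
            cpu = $9; sub(/%$/, "", cpu); cpu += 0
            rss = to_mb($4)
            reason = ""
            if (cpu >= cpu_min) reason = "cpu"
            if (rss >= rss_min) reason = (reason == "" ? "mem" : reason "+mem")
            if (reason != "") printf "%s %s %s\n", $1, $10, reason
        }'
}

# maps_libxml2 PID: succeeds if pldd(1) shows libxml2 loaded in the process.
maps_libxml2() {
    pldd "$1" 2>/dev/null | grep 'libxml2' >/dev/null
}

# Demo on the constructed sample. On a live host, feed one prstat report
# instead:  prstat -s cpu 1 1 | flag_runaway 25 1024
printf '%s\n' "$SAMPLE_PRSTAT" | flag_runaway 25 1024
```

A flagged PID for which maps_libxml2 succeeds is a candidate for the condition described in this alert; a flagged PID without libxml2 loaded points to some other cause.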
There is no workaround for this issue. Please see the Resolution section below.
Copyright 2000-2008 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.