Category
Security
Release Phase
Resolved
Product
Solaris 9 Operating System
Solaris 8 Operating System
Bug Id
6379034
Date of Resolved Release
13-JUL-2006
Impact
A local or remote unprivileged user may be able to crash an application which dynamically links to the X Inter Client Exchange library (libICE) due to a security vulnerability in libICE. The ability to crash an application is a type of Denial of Service (DoS). A number of applications which comprise the GNOME desktop environment dynamically link with libICE.
Contributing Factors
This issue can occur in the following releases:
SPARC Platform
- Solaris 8 without patch 119067-02
- Solaris 9 without patch 112785-53
x86 Platform
- Solaris 8 without patch 119068-02
- Solaris 9 without patch 112786-42
Note: Solaris 10 is not affected by this issue.
To determine whether an application is linked with the libICE library, use the ldd(1) utility, as in the following example:
$ ldd /usr/openwin/bin/xset | grep libICE
libICE.so.6 => /usr/openwin/lib/libICE.so.6
Symptoms
If the described issue occurs, the application which links to the libICE library will exit and may generate an error message about a Segmentation Fault and may also write a core(4) file.
Workaround
There is no workaround. Please see the "Resolution" section below.
Resolution
This issue is addressed in the following releases:
SPARC Platform
- Solaris 8 with patch 119067-02 or later
- Solaris 9 with patch 112785-53 or later
x86 Platform
- Solaris 8 with patch 119068-02 or later
- Solaris 9 with patch 112786-42 or later
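The following shell check is an added example, not part of the original advisory and not Sun's code. It compares `showrev -p` output with the patch levels listed above and, when the patch is missing, lists the binaries under /usr/openwin/bin that ldd(1) reports as linked to libICE. The function names, the `--check` flag and the `AWK` variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not Sun's code. On Solaris 8/9 run with AWK=nawk.
AWK=${AWK:-awk}

# required_patch RELEASE ARCH (uname -r, uname -p): print the minimum patch
# from the advisory; fail for releases it does not list (e.g. Solaris 10).
required_patch() {
    case "$1/$2" in
        5.8/sparc) echo 119067-02 ;;
        5.9/sparc) echo 112785-53 ;;
        5.8/i386)  echo 119068-02 ;;
        5.9/i386)  echo 112786-42 ;;
        *) return 1 ;;
    esac
}

# patch_installed MINPATCH: read `showrev -p` output on stdin; succeed if the
# same base ID at revision >= the minimum is installed, or is listed as
# obsoleted by an installed patch. IDs after "Requires:" are ignored.
patch_installed() {
    $AWK -v want="$1" '
        BEGIN { split(want, w, "-"); ok = 0 }
        $1 == "Patch:" {
            for (i = 2; i <= NF; i++) {
                if ($i == "Requires:") break
                if ($i == "Obsoletes:") continue
                id = $i; sub(/,$/, "", id)
                if (split(id, p, "-") == 2 && p[1] == w[1] && p[2] + 0 >= w[2] + 0) ok = 1
            }
        }
        END { exit !ok }'
}

# Live check on the local host; runs only when invoked with --check.
if [ "${1:-}" = "--check" ]; then
    rel=`uname -r`; arch=`uname -p`
    req=`required_patch "$rel" "$arch"` || { echo "release not listed in advisory"; exit 0; }
    if showrev -p | patch_installed "$req"; then
        echo "OK: $req or later present"
    else
        echo "MISSING: $req"
        for f in /usr/openwin/bin/*; do
            ldd "$f" 2>/dev/null | grep libICE >/dev/null && echo "  links libICE: $f"
        done
    fi
fi
```
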
References
112786-42
119068-02
119067-02
112785-53
Attachments
This solution has no attachment