PT-2008-5030 · Apache+1 · Apache Http Server+2

Published: 2008-08-13 · Updated: 2018-10-30 · CVE-2008-3666

CVSS v2.0: 7.1 (High)

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Sun Solaris versions 10 and earlier
OpenSolaris versions prior to snv 96

Description

The issue allows context-dependent attackers to cause a denial of service via vectors involving creation of a crafted file and use of the sendfilev system call. Local users can also cause a denial of service via a call to the sendfile system call, as reachable through the sendfilev library. This can be demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured.

Recommendations

For Sun Solaris 10 and earlier, update to a version later than the affected ones. For OpenSolaris prior to snv 96, update to a version later than snv 96. As a temporary workaround, consider restricting the use of the sendfilev system call and the sendfile system call until a patch is available.

Fix


Related identifiers

CVE-2008-3666

Affected products

Apache HTTP Server
OpenSolaris
Sun Solaris