Sun Solaris 'sendfilev()' Local Denial of Service Vulnerability

BID:30654

Info

Sun Solaris 'sendfilev()' Local Denial of Service Vulnerability

Bugtraq ID: 30654
Class: Unknown
CVE: CVE-2008-3666
Remote: No
Local: Yes
Published: Aug 11 2008 12:00AM
Updated: May 07 2015 05:25PM
Credit: Sun Microsystems
Vulnerable: Sun Solaris 10_x86
Sun Solaris 10_sparc
Sun OpenSolaris build snv_95
Sun OpenSolaris build snv_92
Sun OpenSolaris build snv_91
Sun OpenSolaris build snv_90
Sun OpenSolaris build snv_89
Sun OpenSolaris build snv_88
Sun OpenSolaris build snv_68
Sun OpenSolaris build snv_67
Sun OpenSolaris build snv_64
Sun OpenSolaris build snv_39
Sun OpenSolaris build snv_22
Sun OpenSolaris build snv_19
Sun OpenSolaris build snv_13
Sun OpenSolaris build snv_02
Sun OpenSolaris build snv_01
Avaya Interactive Response 3.0
Avaya Interactive Response 2.0
Not Vulnerable: Sun OpenSolaris build snv_96

Discussion

Sun Solaris 'sendfilev()' Local Denial of Service Vulnerability

The Sun Solaris 'sendfilev()' system call is prone to a local denial-of-service vulnerability.

A local unprivileged attacker can exploit this issue to trigger a system hang or panic, resulting in a denial-of-service condition.

This issue affects Solaris 10 and OpenSolaris versions prior to build snv_95 for SPARC and x86 platforms.

Exploit / POC

Sun Solaris 'sendfilev()' Local Denial of Service Vulnerability

Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Solution / Fix

Sun Solaris 'sendfilev()' Local Denial of Service Vulnerability

Solution:
Sun has released patches and an advisory. Please see the references for more information.


Sun Solaris 10_x86

References

© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report