Note: This is an archival copy of Security Sun Alert 200079 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000063.1.
Article ID : 1000063.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2007-09-25
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

A Security Vulnerability in the Handling of Thread Contexts in the Solaris Kernel May Allow a Denial of Service (DoS)



Category
Security

Release Phase
Resolved

Product
Solaris 9 Operating System
Solaris 10 Operating System
Solaris 8 Operating System

Bug Id
6351092

Date of Resolved Release
26-SEP-2007

Impact

A security vulnerability related to a race condition during the handling of thread contexts in the Solaris kernel may allow a local unprivileged user to panic the system and thereby cause a Denial of Service (DoS) condition.


Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Solaris 8 without patch 117350-48
  • Solaris 9 without patch 122300-10
  • Solaris 10 without patch 125100-02

x86 Platform

  • Solaris 8 without patch 117351-48
  • Solaris 9 without patch 122301-10
  • Solaris 10 without patch 125101-02

Symptoms

A number of different types of panic can result, making it difficult to quickly pin-point this issue as the cause. However, as an example, the following command can be run on a crash dump:

    # echo "*panic_thread::findstack !grep kcpc_free" |mdb unix.0 vmcore.0

and if output similar to the following is produced:

    000002a101168a61 kcpc_free+18()

it is likely that this issue has occurred.

Note: by default, crash dumps are written to "/var/crash/<uname -n>". See dumpadm(1M) for further information.


Workaround

There is no workaround for this issue. Please see the Resolution section below.


Resolution

This issue is addressed in the following releases:

SPARC Platform:

  • Solaris 8 with patch 117350-48 or later
  • Solaris 9 with patch 122300-10 or later
  • Solaris 10 with patch 125100-02 or later

x86 Platform:

  • Solaris 8 with patch 117351-48 or later
  • Solaris 9 with patch 122301-10 or later
  • Solaris 10 with patch 125101-02 or later

Note: There are additional patches which complete the fix for 6351092 but these patches are not required to secure a system against the vulnerability in this Sun Alert. The additional patches are only required to ensure consistency with and correct functioning of the debug facilities on your system. (The Solaris 10 SPARC and x86 kernel patches and the Solaris 9 x86 patch deliver all the files for this change and so these releases are not listed below).

These additional patches which are not required to fix the vulnerability are:

SPARC Platform

  • Solaris 8 patches 109896-32, 116975-06, 126125-01, and 126131-01
  • Solaris 9 patches 115553-27 and 117127-03

x86 Platform

  • Solaris 8 patches 116976-04, 126126-01 and 126132-01


References

125100-02
125101-02
117350-48
122300-10
117351-48
122301-10




Attachments
This solution has no attachment