Note: This is an archival copy of Security Sun Alert 200105 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000089.1.
Solaris 10 Operating System
Date of Workaround Release
Date of Resolved Release
A local or remote unprivileged user may be able to trigger a race condition in the kernel and panic a system with certain SNMP requests. A local unprivileged user may be able to trigger the same race condition and panic a local system using certain invocations of ifconfig(1M) or netstat(1M).
This issue can occur in the following releases:
Note: Solaris 8 and 9 are not impacted by this issue.
A panic string and stack backtrace similar to the following:
udp_snmp_get+0x100(3012541a658, 0, ... snmpcom_req+0x33c(3012541a658, 300c12929c0, ... ip_snmpmod_wput+0xe4(3012541a658, 300c12929c0, ... putnext+0x218(3012541a750, 3012541a658, ... snmpcom_req+0x368(3012ef12668, 300c12929c0, ... icmp_wput_other+0x10c(3012ef12668, 300c12929c0, ... qdrain_syncq+0x74(3012ef126d0, 3012ef12668, ... drain_syncq+0x2e8(300fc1e01a0, 30124f34520, ... outer_exit+0x8c(300bd9f7ef0, 300fc1e01a0, ... qattach+0x144(3016d0a8d50, 2a1063bf758, ... strioctl+0x1aa4(300fc1f5ca8, 0, ... spec_ioctl+0x8c(2c00000315, 5302, ... fop_ioctl+0x20(3032dccfd80, 5302, ... ioctl+0x184(3, 3016fd2c290, 2073c, ... syscall_trap32+0xcc(3, 5302, ...
There is no workaround. Please see Resolution section below.
This issue is addressed in the following releases:
This solution has no attachment