Category
Security
Release Phase
Resolved
ProductSolaris 10 Operating System
Bug Id
6526639
Date of Resolved Release29-NOV-2007
Impact
A security vulnerability with Fibre Channel Protocol driver (fcp(7D)) and Devices File System (devfs(7FS)) in Solaris 10 may allow a local unprivileged user to cause commands such as cfgadm(1M) or format(1M) to hang when run, or cause the system as a whole to hang. This is a type of denial of service (DoS) to the system.
Note: This issue may also occur accidentally and not as a result of a Denial of Service attempt.
Contributing Factors
This issue can occur in the following releases:
SPARC Platform
- Solaris 10 without patch 128491-01
x86 Platform
- Solaris 10 without patch 128492-01
Note 1: Solaris 8 and Solaris 9 are not impacted by this issue.
Note 2: This issue is due to a race condition between the Fibre Channel protocol driver (fcp(7D)) and the devfs(7FS) file system. When Solaris 10 first shipped, this condition was very unlikely to be seen and no occurrences were reported. However, the fibre channel device driver patch 119130-25 for SPARC systems and patch 119131-25 for x86 systems, introduces a retry mechanism in the driver which makes this issue more likely to occur.
A system is only vulnerable to this issue if it is using fibre-channel attached storage which is managed by Sun's SAN Foundation Software (SFS) fibre channel stack using the fp(7d) driver.
To determine if the fp(7d) driver is being used to manage fibre-channel attached storage, the following command can be used:
$ egrep "/fp@.*/" /etc/path_to_inst|head -1
"/pci@8,600000/SUNW,qlc@2/fp@0,0/ssd@w2100002037f3fbe1,0" 3 "ssd"
\_ fp driver is present in the device path
If no output is produced from the above command, the system is not vulnerable to this issue.
Symptoms
If the described issue occurs, commands such as cfgadm(1M) and format(1M) may hang indefinitely and attempts to kill them will fail. Alternatively, the system may completely hang.
Workaround
There is no workaround for this issue.
Resolution
This issue is addressed in the following releases:
SPARC Platform
- Solaris 10 with patch 128491-01 or later
x86 Platform
- Solaris 10 with patch 128492-01 or later
References
128491-01
128492-01
AttachmentsThis solution has no attachment