Category
Security
Release Phase
Resolved
Product
Solaris 9 Operating System
Solaris 7 Operating System
Solaris 8 Operating System
Bug Id
4807798
Date of Resolved Release
10-MAY-2005
Impact
A local unprivileged user may be able to create a denial of service by killing the automountd(1M) daemon. This would affect all applications that utilize autofs(4) file systems which are automatically mounted by the automountd(1M) daemon.
Contributing Factors
This issue can occur in the following releases:
SPARC Platform
- Solaris 7 without patch 119423-01
- Solaris 8 without patch 116997-01
- Solaris 9 without patch 117485-01
x86 Platform
- Solaris 7 without patch 119424-01
- Solaris 8 without patch 116998-01
- Solaris 9 without patch 117486-01
Note: Solaris 10 does not have Federated Naming Services (FNS) and is not impacted by this issue.
The described issue only occurs if all of the following conditions are true:
- Federated Naming Services (FNS) support for X.500 directory context is installed
- Federated Naming Services (FNS) is enabled in "/etc/auto_master" (this is the default)
- autofs(4) is installed and started at boot (this is the default)
- The FNS X.500 configuration (/etc/fn/x500.conf) references a valid LDAP server. By default the configuration includes a server named "ldap"
To determine if FNS support for X.500 directory context is installed, the following command can be run:
$ pkginfo SUNWfnsx5
system SUNWfnsx5 FNS Support For X.500 Directory Context
To determine if FNS is enabled in "/etc/auto_master", the following command can be run:
$ grep /xfn /etc/auto_master
/xfn -xfn
To determine if autofs(4) is installed and started at boot, the following command can be run:
$ pkginfo SUNWatfsu
system SUNWatfsu AutoFS, (Usr)
$ ls /etc/rc2.d/S74autofs
/etc/rc2.d/S74autofs
To determine if FNS X.500 configuration references a valid LDAP server, the following command can be run:
$ grep ldap /etc/fn/x500.conf
# x500-access: <ordered list of "xds" and/or "ldap">
# ldap-servers: <ordered list of hostnames and/or IP addresses>
x500-access: xds ldap
ldap-servers: localhost ldap
$ getent hosts ldap
64.124.140.199 ldap.sun.com
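The four checks above can be combined into a single script that reports whether a host meets every precondition of this alert. The following is an added example, not part of the Sun Alert: it is plain Bourne/POSIX shell, and so that it can be run offline against saved copies of the files, the pkginfo output, auto_master map, rc2.d directory and x500.conf are passed as parameters rather than read from their fixed system locations (the `build_samples` helper writes constructed sample files that reproduce the alert's example output). The `getent hosts ldap` name-resolution check is deliberately left out because it depends on the live naming service.

```shell
#!/bin/sh
# Added example (not from the Sun Alert): evaluate the four preconditions
# for Bug Id 4807798 from saved copies of a host's configuration.
# All paths are parameters so the checks can be exercised on constructed input.

# 1. Is SUNWfnsx5 installed?  $1 = saved output of `pkginfo SUNWfnsx5`
fnsx5_installed() {
  grep -q '^system[[:space:]][[:space:]]*SUNWfnsx5' "$1"
}

# 2. Is the /xfn entry active in auto_master?  $1 = auto_master map file
#    Commented-out lines (Option 3 applied) do not match.
xfn_enabled() {
  grep -q '^[[:space:]]*/xfn[[:space:]]' "$1"
}

# 3. Is autofs started at boot?  $1 = directory standing in for /etc/rc2.d
autofs_at_boot() {
  [ -f "$1/S74autofs" ]
}

# 4. Does an uncommented ldap-servers: line name a host "ldap"?  $1 = x500.conf
#    Comment lines beginning with '#' are ignored, so the template comment
#    shown in the alert's grep output does not count.
x500_ldap_server() {
  sed -n 's/^[[:space:]]*ldap-servers:[[:space:]]*//p' "$1" |
    tr -s ' \t' '\n' | grep -qx 'ldap'
}

# Combine the checks: returns 0 (and says so) only when all four hold.
assess() {
  pkgfile=$1; automaster=$2; rcdir=$3; x500conf=$4
  if fnsx5_installed "$pkgfile" && xfn_enabled "$automaster" \
     && autofs_at_boot "$rcdir" && x500_ldap_server "$x500conf"; then
    echo "all four conditions met: apply the patch or one of the workarounds"
    return 0
  fi
  echo "not all conditions met: host is not exposed to this issue"
  return 1
}

# Constructed sample inputs mirroring the alert's example command output.
# Prints the temporary directory that holds them.
build_samples() {
  dir=$(mktemp -d)
  printf 'system      SUNWfnsx5      FNS Support For X.500 Directory Context\n' \
    > "$dir/pkginfo.txt"
  printf '/xfn\t-xfn\n/net\t-hosts\t-nosuid,nobrowse\n' > "$dir/auto_master"
  mkdir "$dir/rc2.d" && : > "$dir/rc2.d/S74autofs"
  printf '# ldap-servers: <ordered list of hostnames and/or IP addresses>\n' \
    > "$dir/x500.conf"
  printf 'x500-access: xds ldap\nldap-servers: localhost ldap\n' >> "$dir/x500.conf"
  echo "$dir"
}
```

On a real Solaris 7, 8 or 9 host the same functions can be pointed at the live data: save `pkginfo SUNWfnsx5` to a file and pass /etc/auto_master, /etc/rc2.d and /etc/fn/x500.conf as the remaining arguments (an auto_master map served from NIS, NIS+ or LDAP would first need to be dumped to a file). Re-running `assess` after editing x500.conf or auto_master confirms that Option 2 or Option 3 has actually removed the precondition.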
Note: This issue is very rarely encountered even on systems that meet all of the conditions listed above.
Symptoms
If the described issue occurs, the automountd(1M) process is absent. This can be seen by using the pgrep(1) command:
$ pgrep automountd || echo "automountd process NOT found!"
In general, processes or applications attempting to access files or directories that rely on autofs(4) may fail with error messages such as "no such file or directory" or "does not exist". As an example, the Bourne shell (/usr/bin/sh) attempting to change directory to a known autofs(4) path would result in the following:
$ cd /share/local
/share/local: does not exist
Workaround
To work around the described issue, one of the following options can be applied:
Option 1
Restart automountd(1M) using the following command as root:
# pgrep automountd || /etc/init.d/autofs start
The following simple Bourne script will check and restart automountd(1M) as necessary:
# while pgrep automountd || /etc/init.d/autofs start; do sleep 10; done
Option 2
If FNS X.500 is not intended to be used with LDAP, remove the server name "ldap" from the "/etc/fn/x500.conf" file.
Option 3
Remove the "/xfn" entry from the "auto_master" mapfile (either in files or NIS, NIS+, or LDAP).
Option 4
If FNS is not being used, remove the FNS packages:
SUNWfns Federated Naming System
SUNWfnsx Federated Naming System (64-bit)
SUNWfnsx5 FNS Support For X.500 Directory Context
Refer to the pkgrm(1M) command for additional information on removing packages.
Resolution
This issue is addressed in the following releases:
SPARC Platform
- Solaris 7 with patch 119423-01 or later
- Solaris 8 with patch 116997-01 or later
- Solaris 9 with patch 117485-01 or later
x86 Platform
- Solaris 7 with patch 119424-01 or later
- Solaris 8 with patch 116998-01 or later
- Solaris 9 with patch 117486-01 or later
Modification History
References
119423-01
116997-01
117485-01
119424-01
116998-01
117486-01
Attachments
This solution has no attachment