Note: This is an archival copy of Security Sun Alert 200510 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000388.1.
Article ID : 1000388.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2005-05-04
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

automountd(1M) May Stop When Accessing "/xfn/_x500"

Category
Security

Release Phase
Resolved

Product
Solaris 9 Operating System
Solaris 7 Operating System
Solaris 8 Operating System

Bug Id
4807798

Date of Resolved Release
10-MAY-2005

Impact

A local unprivileged user may be able to create a denial of service by killing the automountd(1M) daemon. This would affect all applications that utilize autofs(4) file systems which are automatically mounted by the automountd(1M) daemon.


Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Solaris 7 without patch 119423-01
  • Solaris 8 without patch 116997-01
  • Solaris 9 without patch 117485-01

x86 Platform

  • Solaris 7 without patch 119424-01
  • Solaris 8 without patch 116998-01
  • Solaris 9 without patch 117486-01

Note: Solaris 10 does not have Federated Naming Services (FNS) and is not impacted by this issue.

The described issue only occurs if all of the following conditions are true:

  1. Federated Naming Services (FNS) support for X.500 directory context is installed
  2. Federated Naming Services (FNS) is enabled in "/etc/auto_master" (This is the default)
  3. autofs(4) is installed and started at boot (This is the default)
  4. FNS X.500 configuration (/etc/fn/x500.conf) references a valid LDAP server. By default the configuration includes a server named "ldap"

To determine if FNS support for X.500 directory context is installed, the following command can be run: 

    $ pkginfo SUNWfnsx5
system      SUNWfnsx5      FNS Support For X.500 Directory Context

To determine if FNS is enabled in "/etc/auto_master", the following command can be run: 

    $ grep /xfn /etc/auto_master
/xfn            -xfn

To determine if autofs(4) is installed and started at boot, the following command can be run: 

    $ pkginfo SUNWatfsu
system      SUNWatfsu      AutoFS, (Usr)
$ ls /etc/rc2.d/S74autofs
/etc/rc2.d/S74autofs

To determine if FNS X.500 configuration references a valid LDAP server, the following command can be run: 

    $ grep ldap /etc/fn/x500.conf
#    x500-access:    <ordered list of "xds" and/or "ldap">
#    ldap-servers:   <ordered list of hostnames and/or IP addresses>
x500-access:    xds ldap
ldap-servers:   localhost ldap
$ getent hosts ldap
64.124.140.199  ldap.sun.com

Note: This issue is very rarely encountered even on systems that meet all of the conditions listed above.


Symptoms

If the described issue occurs, the automountd(1M) process is absent. This can be seen by using the pgrep(1m) command: 

    $ pgrep automountd || echo "automountd process NOT found!"

In general, processes or applications attempting to access files or directories that rely on autofs(4) may fail with error messages such as "no such file or directory" or "does not exist". As an example, the Bourne shell (/usr/bin/sh) attempting to change directory to a known autofs(4) path would result in the following: 

$ cd /share/local
/share/local:  does not exist

Workaround

To work around the described issue, one of the following options can be applied:

Option 1

Restart automountd(1M) using the following command as root: 

    # pgrep automountd || /etc/init.d/autofs start

The following simple Bourne script will check and restart automountd(1M) as necessary: 

    # while pgrep automountd || /etc/init.d/autofs start; do sleep 10; done

Option 2

If FNS X.500 is not intended to be used with LDAP, remove the server name "ldap" from the "/etc/fn/x500.conf" file.

Option 3

Remove the "/xfn" entry from the "auto_master" mapfile (either in files or NIS, NIS+, or LDAP).

Option 4

If FNS is not being used, remove the FNS packages: 

    SUNWfns        Federated Naming System
SUNWfnsx       Federated Naming System (64-bit)
SUNWfnsx5      FNS Support For X.500 Directory Context

Refer to the pkgrm(1M) command for additional information on removing packages.


Resolution

This issue is addressed in the following releases:

SPARC Platform

  • Solaris 7 with patch 119423-01 or later
  • Solaris 8 with patch 116997-01 or later
  • Solaris 9 with patch 117485-01 or later

x86 Platform

  • Solaris 7 with patch 119424-01 or later
  • Solaris 8 with patch 116998-01 or later
  • Solaris 9 with patch 117486-01 or later


Modification History

References
 119423-01

 116997-01

 117485-01

 119424-01

 116998-01

 117486-01



                                                                                           


Attachments
This solution has no attachment