Note: This is an archival copy of Security Sun Alert 200594 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000456.1.
Solaris 9 Operating System
Solaris 10 Operating System
Solaris 8 Operating System
Date of Resolved Release
A security vulnerability in the Solaris libsldap library may allow a local unprivileged user to disable the Name Service Caching Daemon (see nscd(1M)) causing name service lookups to be slower (as caching will not occur), therefore causing a Denial of Service (DoS) condition.
This issue can occur in the following releases:
Note: This issue only affects hosts which are configured as LDAP clients. The existence of the ldap_cachemgr(1M) process indicates that a host is configured as an LDAP client. This can be determined by using the following command:
$ pgrep ldap_cachemgr || echo "system is not an LDAP client
On Solaris 8 and 9, the nscd(1M) daemon will core dump and stop running. On Solaris 10, the nscd(1M) daemon will core dump and will be restarted automatically by Service Management Facility (SMF - see smf(5)).
There is no workaround for this issue. Please see the Resolution section below.
This issue is addressed in the following releases:
This solution has no attachment