Note: This is an archival copy of Security Sun Alert 200606 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000468.1.
Solaris 9 Operating System
Solaris 10 Operating System
Solaris 8 Operating System
Date of Resolved Release
Security vulnerabilities in certain ioctl(2) functions in the ata(7D) disk driver may allow a local unprivileged user to panic the system, causing a Denial of Service (DoS) condition.
These issues can occur in the following releases:
To determine if the ata(7D) kernel module is in use, the following command can be run:
% modinfo | grep -w ata
Should the described issues occur, the system may panic and generate a stack trace similar to one of the following:
32 bit i386 system:
ata_disk_ioctl+0x16f() dadk_ioctl+0x1d7() cmdkioctl+0x361() cdev_ioctl+0x2b() spec_ioctl+0x62() fop_ioctl+0x24() ioctl+0x199() sys_sysenter+0x101()
64 bit i386 system:
ata_disk_ioctl+0x14c() dadk_ioctl+0x225() cmdkioctl+0x1d8() cdev_ioctl+0x1d() spec_ioctl+0x50() fop_ioctl+0x25() ioctl+0xac() sys_syscall32+0x101()
There is no workaround for these issues. Please see the Resolution section below.
These issues are addressed in the following releases:
This solution has no attachment