Note: This is an archival copy of Security Sun Alert 200891 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000679.1.
Solaris 10 Operating System
Date of Resolved Release
A security vulnerability in Solaris 10 may allow a local unprivileged user to panic the system using the special "/net" mount point (or a similarly configured mount point which uses the "-hosts" special map), creating a Denial of Service (DoS) condition.
This issue can occur in the following releases:
Note: Solaris 8 and Solaris 9 are not impacted by this issue.
This issue only affects systems which have the autofs(4) service enabled and a "-hosts" entry in the "/etc/auto_master" file.
To determine if a system has the autofs(4) service enabled, the svcs(1) command can be used:
$ svcs svc:/system/filesystem/autofs:default
STATE          STIME    FMRI
online         Mar_20   svc:/system/filesystem/autofs:default
To determine if a "-hosts" entry is present in the "/etc/auto_master" file, the grep(1) utility can be used:
$ grep -- -hosts /etc/auto_master
/net -hosts -nosuid,nobrowse
If the described issue occurs, the system will panic with a stack trace similar to the following:
bad stack overflow at TL 1
setjmp()
panicsys()
vpanic()
panic()
ptl1_panic_handler()
fbread ()
blkatoff()
ufs_dirlook
ufs_lookup()
fop_lookup()
lo_lookup()
To work around the described issue, comment out or remove the following entry from the "/etc/auto_master" file:
/net -hosts -nosuid,nobrowse
Note: For the above change to take effect, all mounts contained in the "/net" directory will need to be unmounted and the automount(1M) command will need to be run.
If it's not possible to unmount any of the mounts in the "/net" directory due to the file system being busy, then the system will need to be rebooted after the "auto_master" file has been altered.
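The two exposure checks and the workaround verification can be combined into one script. The following is an added example, not part of the original Sun Alert; the function names are hypothetical and the sample file contents are constructed. It matches on the map field, so it covers any mount point using "-hosts", and it ignores commented-out entries, which the plain grep above would still report after the workaround has been applied.

```shell
#!/bin/sh
# Added example (not from the advisory): exposure check for the "-hosts" issue.
# Limitation: does not follow "+auto_master" name-service includes.

# hosts_map_entries FILE
# Print active auto_master entries whose map field (2nd column) is "-hosts".
hosts_map_entries() {
    awk '{ sub(/#.*/, "") }   # strip comments so a disabled entry is ignored
         NF >= 2 && $2 == "-hosts"' "$1"
}

# autofs_state SVCS_OUTPUT
# Extract the STATE column for the autofs service from svcs(1) output text.
autofs_state() {
    printf '%s\n' "$1" |
        awk '$3 == "svc:/system/filesystem/autofs:default" { print $1 }'
}

# exposed AUTO_MASTER_FILE SVCS_OUTPUT
# Return 0 only when both conditions named in the advisory hold.
exposed() {
    [ "$(autofs_state "$2")" = "online" ] && [ -n "$(hosts_map_entries "$1")" ]
}

# Demo on constructed input: an auto_master with the workaround applied.
demo() {
    tmp=${TMPDIR:-/tmp}/auto_master.$$
    cat > "$tmp" <<'EOF'
+auto_master
#/net -hosts -nosuid,nobrowse
/home auto_home -nobrowse
EOF
    svcs_out='STATE          STIME    FMRI
online         Mar_20   svc:/system/filesystem/autofs:default'
    if exposed "$tmp" "$svcs_out"; then
        echo "EXPOSED: active -hosts map with autofs online"
    else
        echo "not exposed"
    fi
    rm -f "$tmp"
}
demo

# On a live host:
#   exposed /etc/auto_master "$(svcs svc:/system/filesystem/autofs:default 2>/dev/null)"
```

A "not exposed" result from the file check only confirms the configuration; existing "/net" mounts still have to be unmounted (or the system rebooted) as described above.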
This issue is addressed in the following releases: