Note: This is an archival copy of Security Sun Alert 201432 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001080.1.
Solaris 9 Operating System
Solaris 8 Operating System
Date of Resolved Release
A local unprivileged user may be able to panic a system causing a Denial of Service due to a security vulnerability involving the sendfilev(3EXT) function.
This issue can occur in the following releases:
Note: Solaris 7 is not impacted by this issue. Solaris 2.6 will not be evaluated regarding the potential impact of the issue described in this Sun Alert document.
If the described issue occurs, the panic stack trace will be similar to the following:
vpanic(100548c0, 10416110, 300028fc550, 30002acb4e4, 30002acb4e0, 6c6c007300) rw_panic+0x58(10416110, 300028fc550, 1, 300028fc550, 30002acb4e4, 1) sendvec_chunk+0x354(19c, c, c, 1, 8058, 300028fc4a8) sendvec+0x154(30001e8a5c0, 8f981094, 2a10066b7b0, 2a10066b930, 1, c) sendfilev+0x118(c, c, 8f981094, 8f981094, 8f9810a4, 0) syscall_trap32+0xa8(0, c, 8f981094, 1, 8f9810a4, f98154c4)
There is no workaround. Please see the "Resolution" section below.
This issue is addressed in the following releases:
This solution has no attachment