Note: This is an archival copy of Security Sun Alert 201687 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001252.1.
Solaris 9 Operating System
Date of Resolved Release
A local unprivileged user may be able to panic Solaris 9 systems which have Solaris Volume Manager (SVM) devices configured. This is a type of Denial of Service (DoS) attack.
This issue can occur in the following releases:
A system is only vulnerable to this issue if SVM devices are configured, which can be determined by running the metastat(1M) command. If SVM devices exist, output will be similar to the following:
d0: Mirror Submirror 0: d10 State: Okay Pass: 1 Read option: roundrobin (default) Write option: parallel (default) Size: 4198392 blocks d10: Submirror of d0 State: Okay Size: 4198392 blocks Stripe 0: Device Start Block Dbase State Hot Spare c0t1d0s4 0 No Okay
Note: Solstice Disksuite (SDS) 4.x is not affected; hence Solaris 7 and 8 with SDS installed is not affected.
Should this issue occur, the system will produce a stack trace similiar to the following:
vpanic(......) vmem_hash_delete+0xdc(.....) vmem_xfree+0x1c(.....) mirror_admin_ioctl+0x888(......) md_admin_ioctl+0x130(.....) mdioctl+0x90(......) ioctl+0x184(......) syscall_trap32+0xa8(......)
There is no workaround. Please see the "Resolution" section below.
This issue is addressed in the following releases:
This solution has no attachment