Note: This is an archival copy of Security Sun Alert 201722 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001271.1.
Article ID : 1001271.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2010-01-19
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

A Security Vulnerability in the Sun Cluster Global File System May Allow an Unprivileged Local User to Panic a Cluster Node

Category
Security

Release Phase
Resolved

Bug Id
4863063

Date of Resolved Release
08-APR-2004

On a Sun Cluster File System, ...

1. Impact

On a Sun Cluster File System, an unprivileged local user could cause a Denial of Service (DoS) by exploiting a race condition. This exploitation could be used to cause a cluster node to panic.


2. Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Sun Cluster 3.0 for Solaris 8 without patch 110648-30
  • Sun Cluster 3.0 for Solaris 9 without patch 112563-12
  • Sun Cluster 3.1 for Solaris 8 without patch 113800-07
  • Sun Cluster 3.1 for Solaris 9 without patch 113801-07

Notes:

  1. Sun Cluster 2.x is not affected by this issue.
  2. This issue only impacts Sun Cluster systems that are using a global file system.

To determine if a file system is mounted as a global file system (in this example a database), run the following command: 

    $ mount | perl -ne 'split; print if ($_[3]=~/\bglobal\b/)'
/oracle/d1 on /dev/md/oracle/dsk/d1 read/write/intr/global/dev=4b002a0 on Tue Dec 30 09:42:12 2003

The above example shows that the file system "/oracle/d1" has been mounted with the global option.


3. Symptoms

The system panics with a "mutex_enter: bad mutex" message similar to the following: 

    panic[cpu0]/thread=30000d37920: mutex_enter: bad mutex, lp=30000b274e8 owner=300013eda00
thread=30000d37920
000002a100f71360 unix:mutex_panic+5c (10415c80, 30000b274e8, 8d, 30000e70098, 781c23a0, 1)
%l0-3: 000000001000c268 0000030000b274e8 000002a100fd7990 0000030000429f28
%l4-7: 0000000000000000 0000000000000000 000003000193f340 000003000193f258
000002a100f71410 pxfs:__0fWpxfs_llm_callback_implGsignali+4 (30001402bf0, 0, 781c23a0,
781c23d0, 0, 1041b428)
%l0-3: 0000030001402bf0 00000300006b8e78 0000000000000000 0000000000000001
%l4-7: 0000000000000000 0000000000000000 0000000000000000 000000007fffffff
000002a100f714c0
cl_comm:__0Fk_fs_pxfs_llm_callback_wakeup_receiveP65CfsRpxfs_llm_callbackR6Hservice+14
(30001402bf0, 2a100f71800, 2a100f71800, 0, 30000f34d50, 30000147f90)
%l0-3: 00000000782c741c 0000030000a0f438 00000000000001e0 00000300018875e0
%l4-7: 000003000012a1e8 000003000011c548 0000000000002000 0000000000000000

4. Workaround

To work around the described issue, disable access to Sun Cluster File Systems for unprivileged users. This can be accomplished by using setfacl(1) (as "root" user) to set an Access Control List to a Sun Cluster File System, as shown in the following example: 

    # setfacl -m user:bill:--- /global/nfs-set/dir1

Note: Users running applications that utilize a Sun Cluster File System must have the required permissions to access these file systems.


5. Resolution

This issue is addressed in the following releases:

SPARC Platform

  • Sun Cluster 3.0 for Solaris 8 with patch 110648-30 or later
  • Sun Cluster 3.0 for Solaris 9 with patch 112563-12 or later
  • Sun Cluster 3.1 for Solaris 8 with patch 113800-07 or later
  • Sun Cluster 3.1 for Solaris 9 with patch 113801-07 or later

This Sun Alert notification is being provided to you on an "AS IS" basis. This Sun Alert notification may contain information provided by third parties. The issues described in this Sun Alert notification may or may not impact your system(s). Sun makes no representations, warranties, or guarantees as to the information contained herein. ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN. This Sun Alert notification contains Sun proprietary and confidential information. It is being provided to you pursuant to the provisions of your agreement to purchase services from Sun, or, if you do not have such an agreement, the Sun.com Terms of Use. This Sun Alert notification may only be used for the purposes contemplated by these agreements.

Copyright 2000-2010 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.


Product
Sun Cluster 3.1

References

110648-30
112563-12
113800-07
113801-07





Attachments
This solution has no attachment