Note: This is an archival copy of Security Sun Alert 201935 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001432.1.
Solaris 9 Operating System
Solaris 2.6 Operating System
Solaris 7 Operating System
Solaris 8 Operating System
Date of Resolved Release
A local or remote unprivileged user may be able to terminate the syslogd(1M) daemon on a Solaris system by sending large sized syslog(3C) packets. As a result, system messages are no longer forwarded to log files or users as configured in the syslog.conf(4) file, which is a type of Denial of Service (DoS).
This issue is described in:
Sun acknowledges with thanks, David Thiel, for bringing this issue to our attention.
This issue can occur in the following releases:
If the syslogd(1M) daemon is no longer running, the system may have encountered the described issue. The following command can be executed to check if the "/usr/sbin/syslogd" process and the syslogd(1M) daemon are running on the system:
$ /usr/bin/ps -ef | grep syslogd root 336 1 0 Jun 12 ? 0:03 /usr/sbin/syslogd
The output as shown above indicates that the syslogd(1M) daemon is running.
There is no workaround. Please see the "Resolution" section below.
This issue is addressed in the following releases:
This solution has no attachment