Note: This is an archival copy of Security Sun Alert 231402 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1018975.1.
6557371, 6609144, 6610117
Solaris 8 Operating System
Solaris 9 Operating System
Solaris 10 Operating System
Date of Workaround Release
Date of Resolved Release
Denial of Service Vulnerabilities in ldap_cachemgr(1M) Daemon
Multiple security vulnerabilities in the LDAP client configuration cache daemon (ldap_cachemgr(1M)) may allow a local unprivileged user to terminate the ldap_cachemgr daemon. On Solaris 9 and 10 systems this will prevent LDAP name service requests from succeeding. This is a type of Denial of Service (DoS) as LDAP name service requests will hang and users may no longer be able to login to LDAP client systems. On Solaris 8 systems, LDAP name service requests will be slower, as caching will not occur which is also a type of Denial of Service (DoS).
2. Contributing Factors
These issues can occur in the following releases:
1. Solaris 8 entered EOSL Phase 2 on 1 April 2009. Entitlement to patches developed on or after 1 April 2009 requires the purchase of the Solaris 8 Vintage Patch Service. See Note in section 5 for more details.
2. These issues only affect systems configured as native LDAP clients.
To determine if a system is configured as a native LDAP client, the following command can be run:
$ test -f /var/ldap/ldap_client_file || echo "System is not an LDAP client"3. Symptoms
The ldap_cachemgr(1M) daemon would no longer be running despite the presence of the '/var/ldap/ldap_client_file' file. LDAP name service requests for any services configured to use LDAP in the nsswitch.conf(4) file will fail on Solaris 9 and 10 and take longer to succeed on Solaris 8. Solaris 10 systems would show the smf(5) service identifier for the ldap_cachemgr service, svc:/network/ldap/client:default, in the maintenance state. The service's status can be checked using svcs(1):
$ svcs svc:/network/ldap/client:default4. Workaround
There is no workaround for these issues. Please see the Resolution section below.
These issues are addressed in the following releases:
Note: The READMEs of Solaris 8 patches developed on or after 1 April 2009 are available to all customers however Solaris 8 entered EOSL Phase 2 on April 1, 2009 and thus entitlement for these patches, including those that fix security vulnerabilities, requires the purchase of the Solaris 8 Vintage Patch Service. More information about the Solaris 8 Vintage Patch Service is available at:
For more information on Security Sun Alerts, see 1009886.1.
17-Sep-2010: Updated Contributing Factors and Resolution sections, now