Note: This is an archival copy of Security Sun Alert 242486 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1019623.1.
6687104, 6687105, 6687107, 6687108
Solaris 8 Operating System
Solaris 9 Operating System
Solaris 10 Operating System
Date of Resolved Release
Multiple Security Issues in the Doors Kernel Functionality
Multiple security vulnerabilities exist in the Doors subsystem of the Solaris kernel which may allow a local unprivileged user to hang any door server process, which is a type of Denial of Service (DoS).
These issues may also allow a local unprivileged user or a privileged user in a non-global zone the ability to access files without the necessary permissions or to potentially execute arbitrary code in the kernel context.
2. Contributing Factors
These issues can occur in the following releases:
$ uname -vTo identify if a process uses the Doors facility as a server, the following command can be run:
# pfiles [pid] | grep 'door to'
There are no predictable symptoms that would indicate the described vulnerabilities have been exploited.
There is no workaround for these issues. Please see the Resolution section below.
These issues are addressed in the following releases:
Copyright 2000-2009 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.
This solution has no attachment