Note: This is an archival copy of Security Sun Alert 242806 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1019643.1.
Solaris 10 Operating System
Date of Resolved Release
Security vulnerability in the Solaris socket(3SOCKET) function:
Due to a security vulnerability in the socket(3SOCKET) function, Solaris systems without InfiniBand hardware may allow an unprivileged local user to panic the system and thereby cause a denial of service (DoS).
2. Contributing Factors
This issue can occur in the following releases:
Note 2: This issue only occurs on systems which do NOT have InfiniBand hardware.
To determine if a system has InfiniBand hardware installed, execute the following command:
# prtconf -D | egrep '(tavor|arbel|hermon)'
If a system has InfiniBand hardware, the output of the above command will be similar to the following:
pci15b3,5a44, instance #0 (driver name: tavor)
Note 3: OpenSolaris distributions may include additional bug fixes above and beyond the build from which they were derived.
To determine the base build of OpenSolaris, the following command can be used:
$ uname -v
3. Symptoms
If this issue is exploited to cause a denial of service (DoS), the kernel panics with a stack trace similar to the following:
ffffff0004ddcc70 unix:mutex_panic+73 ()
The key identifying features of the panic are the "recursive mutex_enter" message and the presence of "socksdpv_close()" in the stack trace.
There is no workaround to this issue. Please see the Resolution section below.
Note: Backing out the affected patches to resolve this issue is not advised since these kernel patches deliver many other security fixes that are required to protect your system.
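The two checks this alert describes, the InfiniBand hardware test from Note 2 and the panic signature from the Symptoms section, can be combined into one triage script. The following is an added example, not part of the original Sun Alert: the function names, the non-InfiniBand prtconf line and the panic text are constructed, and a POSIX shell is assumed. It does not check release or patch level.

```shell
#!/bin/sh
# Added example: triage for Sun Alert 242806. Function names are hypothetical.

# Succeeds if `prtconf -D` output on stdin names an InfiniBand driver
# (tavor, arbel or hermon, the names the alert's egrep looks for).
has_infiniband() {
    while IFS= read -r line; do
        case $line in
            *"driver name: tavor)"*|*"driver name: arbel)"*|*"driver name: hermon)"*)
                return 0 ;;
        esac
    done
    return 1
}

# Succeeds only if panic text on stdin carries BOTH identifying features.
panic_matches_alert() {
    seen_mutex=0; seen_close=0
    while IFS= read -r line; do
        case $line in *"recursive mutex_enter"*) seen_mutex=1 ;; esac
        case $line in *socksdpv_close*) seen_close=1 ;; esac
    done
    [ "$seen_mutex" -eq 1 ] && [ "$seen_close" -eq 1 ]
}

# $1 = prtconf -D output, $2 = panic message plus stack trace.
triage() {
    if printf '%s\n' "$1" | has_infiniband; then
        echo "InfiniBand hardware present: alert condition does not apply"
    elif printf '%s\n' "$2" | panic_matches_alert; then
        echo "no InfiniBand hardware and panic matches this alert"
    else
        echo "no InfiniBand hardware: exposed on an affected release; panic does not match"
    fi
}

# Constructed samples. The tavor line and mutex_panic frame are from the alert;
# the e1000g line and the FRAME/MODULE placeholders are made up for illustration.
PRTCONF_WITH_IB='pci15b3,5a44, instance #0 (driver name: tavor)'
PRTCONF_NO_IB='pci8086,10b9, instance #0 (driver name: e1000g)'
PANIC_SAMPLE='panic: recursive mutex_enter
ffffff0004ddcc70 unix:mutex_panic+73 ()
FRAME MODULE:socksdpv_close+0 ()'

triage "$PRTCONF_NO_IB" "$PANIC_SAMPLE"
```

On a live host, pass the real data instead of the samples, for example `triage "$(prtconf -D)" "$(cat panic.txt)"`, where panic.txt is a hypothetical file holding the saved panic message and stack trace.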
This issue is resolved in the following releases:
Copyright 2000-2008 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.