Note: This is an archival copy of Security Sun Alert 243106 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1019658.1.
Solstice X.25 9.2
Date of Resolved Release
A security vulnerability in Solstice X.25 may allow a local unprivileged user with read permission for "/dev/xty" to panic a system with multiple CPUs. The ability to panic a system is a type of Denial of Service (DoS).
Note: The default permissions for "/dev/xty" are "crw-rw-rw-" which allows all local users read access.
2. Contributing Factors
This issue can occur in the following releases:
$ psrinfo

To determine if X.25 is installed and which version, run the following command:

% pkginfo -l SUNWx25a | grep VERSION

If the VERSION string is returned (along with the corresponding version), the system has Solstice X.25 installed. If nothing is returned, then X.25 is not installed.
If the described issue occurs, the system will panic with a stack trace similar to the following:
000002a1002d0b51 qfill_syncq+0x30(30001b194a8, 300077e4980, 0, 3000718daf0, 30001b194a8, 30006f52f3c)

4. Workaround
To work around this issue, access to the "/dev/xty" device can be reduced using the chmod(1) command. As this reduces the usability of the device, the choice of permissions must be made depending on required device availability.
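The following exposure check is an added example, not part of the original Sun Alert. It combines the three conditions the advisory names (SUNWx25a installed, more than one CPU, "/dev/xty" readable by all users). The function names, the result labels and the "--live" switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example: exposure check for the conditions described in this alert.
# Inputs are passed as arguments so the logic can be exercised off-host.

# Count processors from psrinfo output (one line per processor).
cpu_count() {
    printf '%s\n' "$1" | grep -c . || true
}

# Return 0 if an "ls -l" mode string grants read to "other".
# In "crw-rw-rw-" the other-read bit is the 8th character.
other_can_read() {
    case "$1" in
        ???????r*) return 0 ;;
        *)         return 1 ;;
    esac
}

# assess PSRINFO_OUTPUT PKGINFO_VERSION_LINE MODE_STRING
# Prints one line starting with EXPOSED, REDUCED or NOT_AFFECTED.
assess() {
    [ -n "$2" ] || { echo "NOT_AFFECTED: SUNWx25a not installed"; return 0; }
    [ "$(cpu_count "$1")" -gt 1 ] || { echo "NOT_AFFECTED: single CPU"; return 0; }
    if other_can_read "$3"; then
        echo "EXPOSED: /dev/xty readable by all local users ($3)"
    else
        # Owner and group members with read access can still reach the device.
        echo "REDUCED: /dev/xty not world-readable ($3)"
    fi
}

# On a live host, gather the inputs with the commands from the advisory.
# -L follows the /dev symlink to the underlying device node.
if [ "${1:-}" = "--live" ]; then
    assess "$(psrinfo)" \
           "$(pkginfo -l SUNWx25a 2>/dev/null | grep VERSION)" \
           "$(ls -lL /dev/xty | awk '{print $1}')"
fi
```

A REDUCED result only narrows the set of users who can read the device; which mode to apply with chmod(1) still depends on who needs the device.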
This issue is addressed in the following releases:
Copyright 2000-2008 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.