Note: This is an archival copy of Security Sun Alert 244026 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1019696.1.
Date of Resolved Release
A security vulnerability in the process file system (proc(4)):
A security vulnerability in the process file system (proc(4)) when interacting with the contract(4) file system may allow a local unprivileged user the ability to panic the system or execute arbitrary commands with all (super-user) privileges. The ability to panic a system is a type of Denial of Service (DoS).
Sun acknowledges with thanks, Ilja van Sprundel from IOActive for bringing this issue to our attention.
This issue is also referenced in the following IOActive advisory:
This issue can occur in the following releases:
If the described issue is exploited to cause a Denial of Service (DoS), the system may panic with a stack strace similar to the following:
ctmpl_set()There are no predictable symptoms which would indicate that this issue has been exploited to gain elevated privileges.
There is no workaround for this issue. Please see the Resolution section below.
This issue is addressed in the following releases:
Copyright 2000-2009 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.
This solution has no attachment