Note: This is an archival copy of Security Sun Alert 257708 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1020403.1.
Solaris 10 Operating System
Date of Workaround Release
Date of Resolved Release
Security Vulnerabilities in DTrace (dtrace(1M)) ioctl(2) Handlers May Lead to a Denial of Service (DoS) Condition
Multiple security vulnerabilities in the DTrace (dtrace(1M)) ioctl(2) handlers may allow a local unprivileged user to cause a system panic, thereby leading to a Denial of Service (DoS) condition.
Sun acknowledges Neil Kettle for bringing this issue to our attention.
2. Contributing Factors
This issue can occur in the following releases:
OpenSolaris distributions may include additional bug fixes above and beyond the build from which they were derived. To determine the base build of OpenSolaris, the following command can be run:
$ uname -v
Only those systems which have the package SUNWdtrp installed are affected by this issue. To determine if SUNWdtrp is installed, the following command may be run:
On Solaris 10:
$ pkginfo SUNWdtrp
On OpenSolaris:
$ pkg search SUNWdtrp
Should the described issue occur, the system may panic with a stack trace similar to one of the following:
Until the resolution patches can be applied, users may work around the described issue by preventing unprivileged users from accessing the vulnerable devices. This may be done by running the following commands as the 'root' user:
# chmod o-rw /dev/dtrace/helper
# chmod o-rw /dev/dtrace/provider/fasttrap
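To confirm that the workaround is in effect, the following check (an added example, not part of the original Sun Alert) reads the mode of each device node through its /dev symbolic link and reports whether "other" still has read or write access. The function names other_rw and audit_nodes and the --audit argument are hypothetical; the device paths are the two named in the workaround above.

```sh
#!/bin/sh
# Added example (not from the Sun Alert): verify the chmod workaround.
# Function names are hypothetical; the device paths are the advisory's.
DTRACE_NODES="/dev/dtrace/helper /dev/dtrace/provider/fasttrap"

# other_rw PATH: 0 = "other" has read or write, 1 = neither, 2 = no such node
other_rw() {
    # -L: /dev entries on Solaris are symlinks into /devices; without it
    # ls reports the link's own mode (lrwxrwxrwx), not the device node's.
    mode=`ls -ldL "$1" 2>/dev/null | awk '{print $1}'` || mode=""
    [ -n "$mode" ] || return 2
    case "$mode" in
        ???????--*) return 1 ;;   # characters 8-9 are other-read/other-write
        *)          return 0 ;;
    esac
}

# audit_nodes PATH...: print one status line per node; return 1 if any exposed
audit_nodes() {
    exposed=0
    for node in "$@"; do
        rc=0
        other_rw "$node" || rc=$?
        case $rc in
            0) echo "EXPOSED $node: other has read or write access"; exposed=1 ;;
            1) echo "OK      $node: other has no read/write access" ;;
            *) echo "ABSENT  $node: node not present" ;;
        esac
    done
    return $exposed
}

# Run the audit against the advisory's nodes when called with --audit.
if [ "${1:-}" = "--audit" ]; then
    audit_nodes $DTRACE_NODES
fi
```

Device node permissions may not persist across a reboot or device reconfiguration, so the check is worth repeating until the resolution patches are installed.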
This issue is addressed in the following releases:
Copyright 2000-2009 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.
05-Jun-2009: Updated Contributing Factors and Resolution sections; Resolved