Note: This is an archival copy of Security Sun Alert 257848 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1020411.1.
Solaris 8 Operating System
Solaris 9 Operating System
Solaris 10 Operating System
Date of Resolved Release
Security Vulnerability in the Solaris Kernel Involving the Interaction of the Filesystem and Virtual Memory Subsystems
A security vulnerability in the Solaris kernel related to the interaction of the filesystem and virtual memory subsystems may allow a local unprivileged user to cause the system to slow down and eventually cease operating, thereby resulting in a Denial of Service (DoS).
2. Contributing Factors
OpenSolaris distributions may include additional bug fixes above and beyond the build from which it was derived. The base build can be derived as follows:
$ uname -v
If this issue is exploited to cause a Denial of Service (DoS), the system may slow down gradually and eventually stop all activities. When using the ps(1) command to examine the process information, the ps(1) command may never complete, and it may not be possible to terminate it with the kill(1) command or an interrupt signal (normally mapped to 'Ctrl+C' on the keyboard). There may be a kernel thread stuck on a page lock indicated through a stack similar to the following (this could be seen, for example, using a kernel debugger such as mdb(1)):
page_lock_es()Note that while CR#1246893 exhibits the symptom described as above, this symptom may not be unique to this bug.
There is no workaround for this issue. Please see the Resolution section below.
This issue is addressed in the following releases:
For more information on Security Sun Alerts, see 1009886.1.
Copyright 2000-2009 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.
This solution has no attachment