Note: This is an archival copy of Security Sun Alert 258588 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1020445.1.
Solaris 8 Operating System
Solaris 9 Operating System
Solaris 10 Operating System
Date of Resolved Release
Security vulnerability in the Solaris sendfile(3EXT) and sendfilev(3EXT) extended library functions may result in a Denial of Service (DoS) condition due to a system panic:
A security vulnerability in the Solaris sendfile(3EXT) and sendfilev(3EXT) extended library functions may allow a local unprivileged user to panic the system, causing a Denial of Service (DoS).
2. Contributing Factors
This issue can occur in the following releases:
$ uname -v
Note 2: Solaris 8 entered EOSL Phase 2 on 1 April 2009. Entitlement to patches developed on or after 1 April 2009 requires the purchase of the Solaris 8 Vintage Patch Service. See note in section 5 for more details.
If the described issue occurs, the system may panic with a stack trace similar to the following:
panic[cpu1]/thread=c8491660: Deadlock: cycle in blocking chain4. Workaround
There is no workaround for this issue. Please see the Resolution section below.
This issue is addressed in the following releases:
For more information on Security Sun Alerts, see 1009886.1.
Copyright 2000-2009 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.
This solution has no attachment