Note: This is an archival copy of Security Sun Alert 258828 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1020456.1.
Solaris 10 Operating System
Date of Resolved Release
A memory leak in the Solaris Ultra-SPARC T2 crypto provider device driver (n2cp(7D)) may result in a Denial of Service (DoS) to the system as a whole.
A memory leak in the Solaris Ultra-SPARC T2 crypto provider device driver (n2cp(7D)) may allow a local or remote unprivileged user to cause Denial of Service (DoS) to the system as a whole.
2. Contributing Factors
This issue can occur in the following releases:
Note 2: OpenSolaris distributions may include additional bug fixes above and beyond the build from which it was derived. The base build can be derived as follows:
$ uname -v
This issue only impacts systems with UltraSPARC-T2 CPUs. To determine if a system contains this CPU, run the following command:
$ prtdiag | grep UltraSPARC-T2
If a system is equipped with an UltraSPARC-T2 CPU the output of the above command will be similar to the following (output trimmed):
0 1167 MHz SUNW,UltraSPARC-T2 on-line
This issue can be exploited remotely only in cases where there are services running on the system that use Solaris Crypto Framework for MAC/HMAC processing. To determine if the n2cp driver on the system is used for such processing, run the following command:
$ kstat -m n2cp | grep mac
If any of the counters are greater than zero then the driver is used for that number of computations.
If the described issue occurs the kernel memory allocations may grow (which could be examined using a kernel debugger such as mdb(1)) and messages similar to the following may be displayed on the console:
n2cp: [ID 504468 kern.warning] WARNING: alloc_hmac_ctx: keylen(512) > maxlen(32)
The following command can be used to observe the context allocations:
# echo '::kmastat ! grep n2cp_ctx_cache' | mdb -k
If the value in the 5th column (memory in use) increases over time then the issue described in this Sun Alert has occurred.
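The "increases over time" check above can be automated by taking several samples of the n2cp_ctx_cache line and comparing the 5th column. The script below is an added example, not part of the original Sun Alert; the function names, the constructed sample lines and the handling of K/M/G size suffixes are assumptions, and it expects a POSIX shell and awk.

```shell
# Added example: trend check for the n2cp_ctx_cache leak indicator.
# Needs a POSIX shell and awk (on Solaris 10: /usr/xpg4/bin/sh, /usr/xpg4/bin/awk).

# Read ::kmastat lines on stdin; print field 5 (memory in use, per the
# advisory) of every n2cp_ctx_cache line as bytes.
# Assumption: the field is a plain byte count or has a K/M/G suffix.
ctx_mem_bytes() {
    awk '$1 == "n2cp_ctx_cache" {
        v = $5; n = v + 0; s = substr(v, length(v))
        if (s == "K") n *= 1024
        else if (s == "M") n *= 1024 * 1024
        else if (s == "G") n *= 1024 * 1024 * 1024
        printf "%.0f\n", n; found = 1
    } END { if (!found) exit 1 }'
}

# Read byte counts on stdin (oldest first) and classify the series:
# "growing" = never decreases and ends higher than it started.
ctx_trend() {
    awk 'NR == 1 { first = $1 + 0; prev = first; next }
         { cur = $1 + 0; if (cur < prev) drop = 1; prev = cur }
         END {
             if (NR < 2) print "insufficient"
             else if (!drop && prev > first) print "growing"
             else print "stable"
         }'
}

# Live use on a Solaris host as root: sample_live COUNT INTERVAL_SECONDS
sample_live() {
    i=0
    while [ "$i" -lt "$1" ]; do
        echo '::kmastat ! grep n2cp_ctx_cache' | mdb -k
        i=$((i + 1))
        if [ "$i" -lt "$1" ]; then sleep "$2"; fi
    done | ctx_mem_bytes | ctx_trend
}

# Constructed sample lines (not captured from a real system).
SAMPLES='n2cp_ctx_cache 320 410 420 139264 5120 0
n2cp_ctx_cache 320 830 840 278528 10240 0
n2cp_ctx_cache 320 1670 1680 557056 20480 0'

demo() { printf '%s\n' "$SAMPLES" | ctx_mem_bytes | ctx_trend; }
demo   # prints: growing
```

A "growing" result over a long enough sampling window matches the symptom described in this Sun Alert; "stable" means the cache shrank or stayed flat at some point during the window.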
To work around the described issue, disable use of the n2cp driver for HMAC processing with the following command:
# /usr/sbin/cryptoadm disable provider=n2cp/0
Applying this workaround may impact the performance of MAC/HMAC processing, for example by slowing down SSL connection processing. This impact can be noticeable depending on the workload.
This issue is addressed in the following releases:
Copyright 2000-2009 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.