Note: This is an archival copy of Security Sun Alert 262048 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1020634.1.
Article ID : 1020634.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2010-12-05
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

A patch regression in Solaris Kernel udp(7p) may Cause Certain Trusted Configurations of Solaris to Panic or Become Vulnerable to Triggered Panics Resulting in a Denial of Service (DoS)



Category
Security

Category
Availability

Release Phase
Resolved

Bug Id
6749743

Product
Solaris 10 Operating System
OpenSolaris

Date of Resolved Release
30-Jun-2009

Solaris Kernel udp(7p) may Cause Certain Trusted Configurations to Panic ... (see below):

1. Impact

A patch regression in Solaris kernel udp(7p) may cause certain Solaris Trusted Extensions
configurations to panic at boot time, making the system unavailable.

This issue may also allow remote or local unprivileged users to panic
the system, thereby causing a Denial of Service (DoS) to the system as a whole.


2. Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Solaris 10 with patch 138888-03 or patch 139555-08 and without patch 141414-02
  • OpenSolaris based upon builds snv_90 through snv_108
x86 Platform
  • Solaris 10 with patch 138889-03 or patch 139556-08 and without patch 141415-04
  • OpenSolaris based upon builds snv_90 through snv_108

Note: OpenSolaris distributions may include additional bug fixes above and beyond the build from
which it was derived. The base build can be derived as follows:

         $ uname -v
snv_101

Notes: Solaris 8 and 9 are not impacted by this issue.

This issue only impacts systems which have Solaris Trusted Extensions installed
and running. To determine if Trusted Extensions is installed and running on a host,
execute the following command as root in the global zone:

	 # svcs labeld
online 16:19:20 svc:/system/labeld:default

If Trusted Extensions is configured and running, the labeld service will have an instance in the online state.


3. Symptoms

If this issue occurs, the system may panic with a stack trace similar to the following:

	crgetlabel()
ip_wput_local+0x561()
ip_wput_ire+0x2bed()
ip_output_options+0x3c7()
udp_output_v4+0x442()
udp_output+0x145()
udp_wput_data+0xd1()

Certain systems may panic repeatedly, becoming unavailable until the
resolution patches are applied and the system is rebooted.


4. Workaround

There is no workaround to this issue. See the 'Resolution' section below"


5. Resolution

This issue is addressed in the following releases:

SPARC Platform

  • Solaris 10 with patch 141414-02 or later
  • OpenSolaris based upon builds snv_109 or later

x86 Platform

  • Solaris 10 with patch 141415-04 or later
  • OpenSolaris based upon builds snv_109 or later


For more information on Security Sun Alerts, see


References

141414-02
141415-04

This regression was caused by the putback for CR 6401076



which was not backported to s10.


References

SUNPATCH:141414-02
SUNPATCH:141415-04



Attachments
This solution has no attachment