Category
Security
Category
Availability
Release Phase
Resolved
Bug Id
6749743
ProductSolaris 10 Operating System
OpenSolaris
Date of Resolved Release30-Jun-2009
Solaris Kernel udp(7p) may Cause Certain Trusted Configurations to Panic ... (see below):
1. Impact
A patch regression in Solaris kernel udp(7p) may cause certain Solaris Trusted Extensions
configurations to panic at boot time, making the system unavailable.
This issue may also allow remote or local unprivileged users to panic
the system, thereby causing a Denial of Service (DoS) to the system as a whole.
2. Contributing Factors
This issue can occur in the following releases:
SPARC Platform
- Solaris 10 with patch 138888-03 or patch 139555-08 and without patch 141414-02
- OpenSolaris based upon builds snv_90 through snv_108
x86 Platform
- Solaris 10 with patch 138889-03 or patch 139556-08 and without patch 141415-04
- OpenSolaris based upon builds snv_90 through snv_108
Note: OpenSolaris distributions may include additional bug fixes above and beyond the build from
which it was derived. The base build can be derived as follows:
$ uname -v
snv_101
Notes: Solaris 8 and 9 are not impacted by this issue.
This issue only impacts systems which have Solaris Trusted Extensions installed
and running. To determine if Trusted Extensions is installed and running on a host,
execute the following command as root in the global zone:
# svcs labeld
online 16:19:20 svc:/system/labeld:default
If Trusted Extensions is configured and running, the labeld service will have an instance in the online state.
3. Symptoms
If this issue occurs, the system may panic with a stack trace similar to the following:
crgetlabel()
ip_wput_local+0x561()
ip_wput_ire+0x2bed()
ip_output_options+0x3c7()
udp_output_v4+0x442()
udp_output+0x145()
udp_wput_data+0xd1()
Certain systems may panic repeatedly, becoming unavailable until the
resolution patches are applied and the system is rebooted.
4. Workaround
There is no workaround to this issue. See the 'Resolution' section below"
5. Resolution
This issue is addressed in the following releases:
SPARC Platform
- Solaris 10 with patch 141414-02 or later
- OpenSolaris based upon builds snv_109 or later
x86 Platform
- Solaris 10 with patch 141415-04 or later
- OpenSolaris based upon builds snv_109 or later
For more information on Security Sun Alerts, see
References
141414-02
141415-04
This regression was caused by the putback for CR 6401076
which was not backported to s10.
References
SUNPATCH:141414-02
SUNPATCH:141415-04
AttachmentsThis solution has no attachment