Note: This is an archival copy of Security Sun Alert 262408 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1020658.1.
Solaris 10 Operating System
Date of Resolved Release
Security Vulnerability in the Solaris IP(7P) Multicast Reception May Lead to a Denial of Service (DoS) Condition
A security vulnerability in the Solaris IP(7P) multicast reception may allow local unprivileged users to leak kernel memory, thereby causing a Denial of Service (DoS) condition.
2. Contributing Factors
This issue can occur in the following releases:
OpenSolaris distributions may include additional bug fixes above and beyond the build from which it was derived. The base build can be derived as follows:
$ uname -v
3. Symptoms
1. If the described issue occurs, the following messages may be displayed on the system console or in the '/var/adm/messages' file, as in the following example:
phyint_reach_random: SIOCSLIFLNKINFO (interface <ifname>):
2. A forced coredump generated from unresponsive systems which have the 'kmem_flags' variable set to 0xf in the '/etc/system' file (see system(4) for modifying this file) may show the following memory leaks:
kmem_cache_alloc_debug()
The following command can be executed as the "root" user to find memory leaks in the coredump files:
# echo ::findleaks -dv | /usr/bin/mdb -k unix.# vmcore.# > findleak.txt
(where # is the current core dump number). Open findleak.txt to confirm the above stack trace.
3. Live debugging may be done on systems which have the 'kmem_flags' variable set in the "/etc/system" file. This may be done by executing the following command as "root" on the system console:
# /usr/bin/mdb -K (enter kmdb)
The output of 'findleaks -dv' may show the memory leaks described above.
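The checks described in the Symptoms steps above can be scripted for triage; the following is an added example, not part of the original Sun Alert. The function names and the sample log lines are assumptions constructed for illustration (the text after the interface name in the console message is not reproduced on this page, so a placeholder is used).

```shell
#!/bin/sh
# Added triage helper, not part of the Sun Alert. Run it against /etc/system
# and /var/adm/messages (or copies of them) from the affected host.

# Print the kmem_flags value set in an /etc/system-style file (empty if unset).
# Lines starting with an asterisk are comments in system(4) and are skipped.
kmem_flags_value() {
    awk '
        /^[ \t]*\*/ { next }
        $1 == "set" {
            line = $0
            sub(/^[ \t]*set[ \t]+/, "", line)
            gsub(/[ \t]/, "", line)
            if (split(line, kv, "=") == 2 && kv[1] == "kmem_flags") val = kv[2]
        }
        END { if (val != "") print val }
    ' "$1"
}

# Succeed only when kmem_flags is 0xf, the setting the advisory names for
# coredump and live ::findleaks analysis.
kmem_debug_ready() {
    [ "$(kmem_flags_value "$1")" = "0xf" ]
}

# Count phyint_reach_random/SIOCSLIFLNKINFO console messages per interface.
# Reads the named file(s), or stdin when none is given; prints "<ifname> <count>".
phyint_msgs_by_if() {
    awk '
        /phyint_reach_random: SIOCSLIFLNKINFO \(interface / {
            s = $0
            sub(/.*SIOCSLIFLNKINFO \(interface /, "", s)
            sub(/\).*/, "", s)
            count[s]++
        }
        END { for (i in count) print i, count[i] }
    ' "$@" | sort
}

# Constructed sample log lines (hostnames, daemon name and trailing text are placeholders).
sample_messages() {
    cat <<'EOF'
Jun  1 10:00:01 host daemon[1]: phyint_reach_random: SIOCSLIFLNKINFO (interface net0): <text>
Jun  1 10:00:02 host daemon[1]: phyint_reach_random: SIOCSLIFLNKINFO (interface net1): <text>
Jun  1 10:00:03 host daemon[1]: phyint_reach_random: SIOCSLIFLNKINFO (interface net0): <text>
EOF
}
```

On a live host, call kmem_debug_ready /etc/system and phyint_msgs_by_if /var/adm/messages; sample_messages | phyint_msgs_by_if exercises the parser on the constructed lines.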
There is no workaround for this issue. Please see the 'Resolution' section below.
This issue is addressed in the following releases:
Copyright 2000-2009 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.