Note: This is an archival copy of Security Sun Alert 266388 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1020868.1.
Date of Resolved Release
A security vulnerability in SCTP (Stream Control Transmission Protocol (see sctp(7P))) and SDP (Sockets Direct Protocol driver (see sdp(7D))) sockets:
A security vulnerability in SCTP (Stream Control Transmission Protocol (see sctp(7P))) and SDP (Sockets Direct Protocol driver (see sdp(7D))) sockets may allow local unprivileged users to leak kernel memory, thereby causing a Denial of Service (DoS) condition.
2. Contributing Factors
This issue can occur in the following releases:
Note 2: OpenSolaris distributions may include additional bug fixes above and beyond the build from which they were derived. To determine the base build of OpenSolaris, the following command can be used:
$ uname -v
A saved crash dump of the kernel generated on unresponsive systems may show a large number of buffers being used by SCTP or SDP. The following command can be run to find buffer usage information from the operating system crash dump files:
$ echo ::kmastat -m | mdb # | egrep "sdp_conn_cache|sctp_conn_cache"
Where # is the numerical suffix of the two operating system crash dump files. For example, if the suffix is "3", mdb infers that it should examine the files "unix.3" and "vmcore.3".
sctp_conn_cache 2264 1 7 0M 1 0
The value in the third column indicates the number of buffers in use. If the value is much larger than the expected number of active connections, then a Denial of Service may have occurred.
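The third-column check described above can be scripted when reviewing several crash dumps. This is an added example, not part of the original Sun Alert; the function names, the operator-supplied threshold and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag the SCTP/SDP connection caches whose "buffers in use"
# value (third column of the ::kmastat line, per the advisory) is above the
# number of active connections the operator expects on the host.

# flag_conn_caches EXPECTED_MAX   (hypothetical helper name)
# Reads saved ::kmastat output on stdin and prints "<cache> <buffers in use>"
# for each of the two caches named in the advisory that exceeds EXPECTED_MAX.
flag_conn_caches() {
    case "$1" in
        ''|*[!0-9]*)
            echo "usage: flag_conn_caches EXPECTED_MAX" >&2
            return 2 ;;
    esac
    awk -v max="$1" '
        # Only the two caches the advisory names; skip lines whose third
        # field is not a plain number (headers, separators).
        ($1 == "sctp_conn_cache" || $1 == "sdp_conn_cache") &&
        $3 ~ /^[0-9]+$/ && ($3 + 0) > (max + 0) { print $1, $3 }
    '
}

# Constructed sample input in the same column layout as the advisory's
# example line; the values are invented for this demonstration.
sample_kmastat() {
    cat <<'EOF'
other_cache 64 120 252 0M 4521 0
sdp_conn_cache 1032 3 14 0M 3 0
sctp_conn_cache 2264 48211 48216 104M 48211 0
EOF
}

# Demo: with at most 1000 connections expected, only the SCTP cache is flagged.
sample_kmastat | flag_conn_caches 1000
```

On a real dump, pipe the output of the mdb command above into flag_conn_caches, choosing a threshold that reflects the host's normal connection load.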
There is no workaround for this issue. Please see the Resolution section below.
This issue is addressed in the following releases:
Copyright 2000-2009 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.