Note: This is an archival copy of Security Sun Alert 200443 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000324.1.
Article ID : 1000324.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2006-04-26
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security Vulnerability Using find(1) to Search "/proc" May Cause a Denial of Service (DoS) Condition

Category
Security

Release Phase
Resolved

Product
Solaris 10 Operating System

Bug Id
6291662

Date of Resolved Release
11-JAN-2006

Impact

A local unprivileged user running find(1) against the "/proc" filesystem may panic the system, creating a Denial of Service (DoS) condition.


Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Solaris 10 without patch 118822-24

x86 Platform

  • Solaris 10 without patch 118844-24

Note: Solaris 8 and 9 are not affected by this issue.

This issue can occur when the find(1) command is run by an unprivileged user to search the "/proc" file system.


Symptoms

The system will panic with a stack trace similar to the following:

    recursive rw_enter, lp=XXXXXXXXXXX wwwh=XXXXXXXXXXX thread=XXXXXXXXXXX
    vpanic()
    as_fault()
    pagefault()
    trap()
    ktl0()
    uiomove()
    gfs_readdir_emit_int()
    gfs_readdir_pred()
    pr_readdir_objectdir()
    getdents64()
    syscall_trap32()

(where XXXXXXXXXXXX are hexadecimal numbers).


Workaround

There is no workaround to this issue. Please see the Resolution section below.


Resolution

This issue is addressed in the following releases:

SPARC Platform

  • Solaris 10 with patch 118822-24 or later

x86 Platform

  • Solaris 10 with patch 118844-24 or later


References

118822-24
118844-24




Attachments
This solution has no attachment