Note: This is an archival copy of Security Sun Alert 200585 as previously published on http://sunsolve.sun.com. Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000447.1. |
Category Security Release Phase Resolved Solaris 9 Operating System Solaris 10 Operating System Bug Id 6476279 Date of Workaround Release 12-DEC-2006 Date of Resolved Release 23-APR-2007 Impact Two security vulnerabilities in the OpenSSL product may lead to a Denial of Service (DoS) in applications which make use of this product. Depending on the individual application, these vulnerabilities may allow a local or remote unprivileged user to provide data to the application which will cause it to consume excessive amounts of CPU time or system memory. OpenSSL is shipped with Solaris 10 (see openssl(5)). This library is not shipped with Solaris 9, however, a number of Solaris 9 applications statically link against this library and may be affected by these vulnerabilities. This Sun Alert provides details about the individual patches which should be installed to update the OpenSSL product on Solaris 10 and all potentially impacted Solaris 9 applications. These issues are also referenced at the following URLs:
The WAN Boot application, which is shipped with Solaris 9 and Solaris 10, is impacted by these vulnerabilities. For more information, please see Sun Alert 102759. Contributing Factors This issue can occur in the following releases: SPARC Platform
x86 Platform
Note 1: Solaris 8 is not impacted by this issue. Note 2: Solaris 9 does not ship with OpenSSL libraries which can be used for third-party application linking. Symptoms If either of the two issues mentioned above have been exploited, processes belonging to the affected applications will be consuming unusually large amounts of CPU time or memory, and applications running on the system may be slow or unresponsive. Commands such as prstat(1M) can be used to determine the utilization of system resources, for example: $ prstat -s cpu [...] $ prstat -s size [...]
Workaround There is no workaround for this issue. Resolution This issue is addressed in the following releases: SPARC Platform
x86 Platform
Modification History Date: 23-APR-2007
Date: 08-NOV-2007
References121229-02121230-02 113273-14 114356-11 113713-24 114357-10 114858-11 114568-23 Attachments This solution has no attachment |
|