Note: This is an archival copy of Security Sun Alert 200598 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000460.1.
Article ID : 1000460.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2007-05-28
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

A Security Vulnerability in the Solaris 10 inetd(1M) Service May Lead to a Denial of Service (DoS) Condition



Category
Security

Release Phase
Resolved

Product
Solaris 10 Operating System

Bug Id
6553649

Date of Resolved Release
29-MAY-2007

Impact

A security vulnerability in the inetd(1M) service may allow a local unprivileged user the ability to shut down the inetd daemon process, causing a Denial of Service (DoS) to all internet services managed by the inetd(1M) process on the system.


Contributing Factors

This issue can occur in the following releases:

SPARC Platform:

  • Solaris 10 without patch 121288-03

x86 Platform:

  • Solaris 10 without patch 121289-04

NOTE: Solaris 8 and 9 are not affected by this issue.

This issue affects all Solaris 10 systems with the inetd service enabled (svc:/network/inetd:default). To determine if the inetd service is enabled on a system, the following command can be run:

    $ svcs inetd

    STATE   STIME      FMRI

    online  11:23:16   svc:/network/inetd:default

If the command returns the state of the inetd service as 'online' (as in the above example) then the inetd service is enabled on the system.


Symptoms

Repeated attempts by unprivileged users to stop the inetd server may transition the inetd service to the "maintenance" state, thereby moving all internet services managed by inetd(1M) to the "offline" state.

To determine the state of the inetd service, the following command can be run:

    $ svcs inetd
    STATE          STIME      FMRI
    maintenance    12:00:23   svc:/network/inetd:default

Workaround

To prevent this issue from occurring until the patches listed in section 5 can be applied, the Unix domain socket file "/var/run/.inetd.uds" may be deleted after the inetd server starts. If this file has been deleted, the following commands must be run (as 'root' user) to restart or disable the inetd service:

To restart the inetd service:

    # pkill inetd

To disable the inetd service:

    # svcadm disable inetd
    # pkill inetd

Resolution

This issue is addressed in the following releases:

SPARC Platform

  • Solaris 10 with patch 121288-03 or later

x86 Platform

  • Solaris 10 with patch 121289-04 or later


References

121288-03
121289-04




Attachments
This solution has no attachment