Category
Security
Release Phase
Resolved
Product
Solaris 9 Operating System
Solaris 10 Operating System
Solaris 8 Operating System
Bug Id
6433123, 6433124
Date of Resolved Release
21-AUG-2007
Impact
Security vulnerabilities in certain ioctl(2) functions in the ata(7D) disk driver may allow a local unprivileged user to panic the system, causing a Denial of Service (DoS) condition.
Contributing Factors
These issues can occur in the following releases:
x86 Platform
- Solaris 8 without patch 109798-04
- Solaris 9 without patch 117122-03
- Solaris 10 without patch 123779-02
Notes:
- The SPARC platform is not affected by these issues.
- These issues only affect x86 systems which have ATA disks installed.
- Bug 6433123 concerns two affected ioctls which impact Solaris 8, 9 and 10, while Bug 6433124 concerns one additional ioctl which only impacts Solaris 10.
To determine if the ata(7D) kernel module is in use, the following command can be run:
% modinfo | grep -w ata
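The conditions listed above (x86 platform, ata module loaded, patch below the fixed revision) can be checked together with a script like the following. This is an added example, not part of the Sun advisory or any Sun tooling; it assumes the usual `uname`, `modinfo` and `showrev -p` output formats, and the sample data in it is constructed.

```shell
#!/bin/sh
# Added example, not Sun tooling. On Solaris 8/9 run it with ksh or
# /usr/xpg4/bin/sh (the legacy /bin/sh lacks ${var%...} and $(...)).

# Minimum fixed patch per `uname -r` release, taken from the advisory.
required_patch() {
    case "$1" in
        5.8)  echo 109798-04 ;;
        5.9)  echo 117122-03 ;;
        5.10) echo 123779-02 ;;
        *)    return 1 ;;
    esac
}

# Reads `showrev -p` output on stdin; succeeds if patch $1 (base-rev) is
# installed at that revision or a later one.
patch_installed() {
    base=${1%-*}; min=${1#*-}
    while read -r tag id rest; do
        [ "$tag" = "Patch:" ] || continue
        [ "${id%-*}" = "$base" ] && [ "${id#*-}" -ge "$min" ] && return 0
    done
    return 1
}

# assess RELEASE PROCESSOR MODINFO_OUTPUT SHOWREV_OUTPUT -> prints a verdict
assess() {
    # `uname -p` reports i386 on Solaris x86; SPARC is not affected.
    if [ "$2" != i386 ]; then echo "not affected: not x86"; return 0; fi
    req=$(required_patch "$1") || { echo "unknown: release $1 not in advisory"; return 0; }
    if ! printf '%s\n' "$3" | grep -w ata >/dev/null; then
        echo "not affected: ata module not loaded"; return 0
    fi
    if printf '%s\n' "$4" | patch_installed "$req"; then
        echo "patched: $req or later installed"
    else
        echo "VULNERABLE: install $req or later"
    fi
}

# Constructed sample data (not captured from a real host).
SAMPLE_MODINFO=' 32 fe9a4000 5d38 180 1 ata (ATA disk controller driver)'
SAMPLE_SHOWREV='Patch: 123779-01 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWckr
Patch: 000000-09 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu'

if [ "$(uname -s)" = SunOS ]; then   # live check on a Solaris host
    assess "$(uname -r)" "$(uname -p)" "$(modinfo)" "$(showrev -p)"
else                                 # demo on the constructed sample
    assess 5.10 i386 "$SAMPLE_MODINFO" "$SAMPLE_SHOWREV"
fi
```

On the constructed sample the verdict is VULNERABLE, because revision 01 of 123779 is below the fixed revision 02 and the second patch line has a different base number.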
Symptoms
Should the described issues occur, the system may panic and generate a stack trace similar to one of the following:
32 bit i386 system:
ata_disk_ioctl+0x16f()
dadk_ioctl+0x1d7()
cmdkioctl+0x361()
cdev_ioctl+0x2b()
spec_ioctl+0x62()
fop_ioctl+0x24()
ioctl+0x199()
sys_sysenter+0x101()
64 bit i386 system:
ata_disk_ioctl+0x14c()
dadk_ioctl+0x225()
cmdkioctl+0x1d8()
cdev_ioctl+0x1d()
spec_ioctl+0x50()
fop_ioctl+0x25()
ioctl+0xac()
sys_syscall32+0x101()
Workaround
There is no workaround for these issues. Please see the Resolution section below.
Resolution
These issues are addressed in the following releases:
x86 Platform
- Solaris 8 with patch 109798-04 or later
- Solaris 9 with patch 117122-03 or later
- Solaris 10 with patch 123779-02 or later
References
123779-02
109798-04
117122-03
Attachments
This solution has no attachment