Note: This is an archival copy of Security Sun Alert 200658 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000515.1.
Article ID : 1000515.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2003-01-01
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

NFS Denial of Service can be Caused by a Client Application Killing the lockd(1M) Daemon

Category
Security

Release Phase
Resolved

Product
Solaris 9 Operating System
Solaris 2.5.1
Solaris 2.6 Operating System
Solaris 7 Operating System
Solaris 8 Operating System

Bug Id
4492876

Date of Workaround Release
16-OCT-2002

Date of Resolved Release
02-JAN-2003

Impact

An unauthorized local or remote user may be able to kill the lockd(1M) daemon. The resulting absence of the "lockd" daemon will stop any future NFS client operations that require file locking.


Contributing Factors

This issue can occur in the following releases:

SPARC

  • Solaris 2.5.1 without patches 103640-42 and 104334-02
  • Solaris 2.6 without patch 105181-33
  • Solaris 7 without patches 106541-23 and 109744-02
  • Solaris 8 without patches 109783-02 and 111321-03
  • Solaris 9 without patches 113278-01 and 113279-01

Intel

  • Solaris 2.5.1 without patches 103641-42 and 104335-02
  • Solaris 2.6 without patch 105182-33
  • Solaris 7 without patches 106542-23 and 109745-02
  • Solaris 8 without patches 109784-02 and 111322-03

Symptoms

Should the described issue be encountered, the "lockd" process will no longer be running (this can be checked using the "ps -ef" command). If the "lockd" process has been started in debug mode (by using the "-d 1" option), a message similar to the following is logged in the "/var/adm/messages" file: 

    Oct  8 13:39:41 flower unix: svc_tli_kcreate returned 134

NFS client operations that require file locking will hang.


Workaround

There is no workaround. Please see the "Resolution" section below.


Resolution

This issue is addressed in the following releases:

SPARC

  • Solaris 2.5.1 with patches 103640-42 and 104334-02 or later
  • Solaris 2.6 with patch 105181-33 or later
  • Solaris 7 with patches 106541-23 and 109744-02 or later
  • Solaris 8 with patches 109783-02 and 111321-03 or later
  • Solaris 9 with patches 113278-01 and 113279-01 or later

Intel

  • Solaris 2.5.1 with patches 103641-42 and 104335-02 or later
  • Solaris 2.6 with patch 105182-33 or later
  • Solaris 7 with patches 106542-23 and 109745-02 or later
  • Solaris 8 with patches 109784-02 and 111322-03 or later



Modification History
Date: 02-JAN-2003
  • Date Released: added 02-Jan-2003
  • Date Closed: 02-Jan-2003
  • Updated Contributing Factors and Resolution sections



References

105181-33
105182-33
106541-23
109744-02
106542-23
109745-02
109783-02
111321-03
109784-02
111322-03
113278-01
113279-01
104334-02
104335-02




Attachments
This solution has no attachment