Category
Security
Release Phase
Resolved
ProductSolaris 9 Operating System
Solaris 10 Operating System
Solaris 8 Operating System
Bug Id
4728034
Date of Resolved Release28-NOV-2007
Impact
A race condition security vulnerability in the Solaris Remote Procedure Call (RPC) Module may allow a local unprivileged user to panic the system, resulting in a Denial of Service (DoS) condition.
Contributing Factors
This issue can occur in the following releases:
SPARC Platform:
- Solaris 8 without patch 116959-20
- Solaris 9 without patch 113278-18
- Solaris 10 without patch 127739-01
x86 Platform:
- Solaris 8 without patch 116960-20
- Solaris 9 without patch 119439-11
- Solaris 10 without patch 127740-01
Note: This issue only affects systems which have the 'rpcmod' kernel module loaded.
To determine if the the 'rpcmod' kernel module is loaded, the following command can be run:
$ modinfo -c | grep rpcmod || echo "System not impacted."
Symptoms
Should the described issue occur, the system may panic with a NULL pointer dereference and with a message similar to the following:
panic[cpu0]/thread=2a100717d40: 0x3000619cea0: BAD TRAP: type=31
rp=2a100716c50 addr=8 mmu_fsr=0 occurred in module "rpcmod" due to
a NULL pointer dereference.
Workaround
For some situations it may be possible to avoid loading rpcmod by not running RPC services on the system; however, this will remove RPC functionality. If this is not acceptable, please see the Resolution section below.
Resolution
This issue is addressed in the following releases:
SPARC Platform:
- Solaris 8 with patch 116959-20 or later
- Solaris 9 with patch 113278-18 or later
- Solaris 10 with patch 127739-01 or later
x86 Platform:
- Solaris 8 with patch 116960-20 or later
- Solaris 9 with patch 119439-11 or later
- Solaris 10 with patch 127740-01 or later
References
127739-01
127740-01
113278-18
119439-11
116959-20
116960-20
AttachmentsThis solution has no attachment