Note: This is an archival copy of Security Sun Alert 200726 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000574.1.
Article ID : 1000574.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2004-01-11
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security Vulnerability Involving the tcsetattr(3C) Library Function on SPARC Based Systems

Category
Security

Release Phase
Resolved

Product
Solaris 2.6 Operating System
Solaris 7 Operating System
Solaris 8 Operating System

Bug Id
4360114

Date of Resolved Release
30-JAN-2004

Impact

On SPARC based Solaris systems, a security vulnerability in the tcsetattr(3C) library function may allow an unprivileged local user the ability to hang the system hard which is a type of Denial of Service (DoS).


Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Solaris 2.6 without patch 105924-12
  • Solaris 7 without patch 107589-06
  • Solaris 8 without patch 109815-20

Note: Solaris 9 and Solaris on the x86 platform are not affected by this issue.


Symptoms

If the described issue occurs, the system will be unresponsive, and a reboot is typically required to regain functionality.


Workaround

There is no workaround. Please see the "Resolution" section below.


Resolution

This issue is addressed in the following releases:

SPARC Platform

  • Solaris 2.6 with patch 105924-12 or later
  • Solaris 7 with patch 107589-06 or later
  • Solaris 8 with patch 109815-20 or later
  • Solaris 9


Modification History

References
 105924-12

 107589-06

 109815-20



                                                                                               


Attachments
This solution has no attachment