Category
Security
Release Phase
Resolved
ProductSolaris 10 Operating System
Bug Id
6598913, 6598910
Date of Resolved Release09-OCT-2007
Impact
Two Security Vulnerabilities in Solaris Trusted Extensions label daemon (labeld) may allow a local unprivileged user to stop Trusted Extensions services from running on a system. When this occurs, all existing Trusted Desktop sessions would hang and unprivileged users may not be able to log in to the affected trusted system. This creates a Denial of Service (DoS) condition.
Contributing Factors
This issue can occur in the following releases:
SPARC Platform
- Solaris 10 without patch 126448-04
x86 Platform
- Solaris 10 without patch 126449-04
Note: Solaris 8 and Solaris 9 are not impacted by these issues.
To determine if a system is configured with Trusted Extensions, the following command can be run:
$ svcs /system/labeld
STATE STIME FMRI
online 07:08:09 svc:/system/labeld:default
If the state is disabled or if "/system/labeld" service is not listed, then the system is not configured to use Trusted Extensions.
Symptoms
Should the described issue occur, a Trusted Extensions service "svc:/system/labeld" would be in a "maintenance" state.
To determine the state of the "labeld" service, the following command can be run:
$ svcs /system/labeld
STATE STIME FMRI
maintenance 07:08:09 svc:/system/labeld:default
Workaround
There is no workaround. Please see the Resolution section below.
Resolution
This issue is addressed in the following releases:
SPARC Platform
- Solaris 10 with patch 126448-04 or later
x86 Platform
- Solaris 10 with patch 126449-04 or later
References
126448-04
126449-04
AttachmentsThis solution has no attachment