Category
Security
Release Phase
Resolved
Product
Solaris 10 Operating System
Bug Id
6458704
Date of Resolved Release
13-JUN-2007
Impact
A security vulnerability in Solaris 10 related to the handling of XDR data within NFS requests may allow a local or remote unprivileged user to panic a Solaris system that is configured to run as an NFS server, resulting in a Denial of Service (DoS).
Sun wishes to thank Andrzej Dereszowski for bringing this issue to our attention.
Contributing Factors
This issue can occur in the following releases:
SPARC Platform
- Solaris 10 without patch 125100-01
x86 Platform
- Solaris 10 without patch 125101-01
Notes:
- Solaris 8 and 9 are not impacted by this issue.
- This issue will only affect systems configured to run as NFS servers.
To determine if a Solaris 10 system is configured to run as an NFS server, the following command can be run:
$ svcs nfs/server
STATE STIME FMRI
online 14:30:59 svc:/network/nfs/server:default
If the above command reports that NFS services are enabled (see smf(5)), the system may be vulnerable.
Symptoms
Should the described issue occur, the system may panic with a stack trace that ends similarly to the following:
xdrmblk_getint32+0xb4(...)
xdr_bool+0x70(...)
...
Workaround
To prevent this issue until patches can be installed, NFS services may be disabled on the affected system by running the following command:
# svcadm disable nfs/server
Resolution
This issue is addressed in the following releases:
SPARC Platform
- Solaris 10 with patch 125100-01 or later
x86 Platform
- Solaris 10 with patch 125101-01 or later
Note:
Revisions prior to -04 of the above listed patches do not list bug 6458704 in their READMEs. This discrepancy is limited to the READMEs; installation of these patches will in fact resolve this issue.
When originally released, the READMEs for patches 124250 and 124251, revisions -01 to -03, incorrectly stated that those patches contained the fix for bug 6458704. Even if one of those two patches is installed on a system, either patch 125100-01 or 125101-01 (or a later revision) must be installed to resolve this issue; patches 124250-01 and 124251-01 are not required to resolve this issue.
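The two checks in this document (is nfs/server online, and is the platform's fix patch installed) can be combined as in the sketch below. This is an added example, not Sun's code: the function names and result strings are hypothetical, the host is assumed to run Solaris 10, and `showrev -p` lines are assumed to have the form `Patch: <id>-<rev> ...`.

```shell
#!/bin/sh
# Added example: classify a Solaris 10 host against bug 6458704.
# Functions take command output as text, so they can be exercised offline.

# Fix patch per platform (argument is `uname -p` output), per the advisory.
fix_patch_for() {
    case "$1" in
        sparc) echo 125100 ;;
        i386)  echo 125101 ;;
        *)     return 1 ;;
    esac
}

# Succeeds if `svcs nfs/server` output shows the service online.
nfs_server_online() {
    printf '%s\n' "$1" |
        awk '$1 == "online" && $3 ~ /nfs\/server/ { f = 1 } END { exit !f }'
}

# Prints the highest installed revision of patch base $2, or nothing.
# Patches 124250/124251 are deliberately ignored: they do not contain the fix.
installed_rev() {
    printf '%s\n' "$1" | awk -v base="$2" '
        BEGIN { max = 0 }
        $1 == "Patch:" { split($2, p, "-"); if (p[1] == base && p[2] + 0 > max) max = p[2] + 0 }
        END { if (max > 0) print max }'
}

# classify PLATFORM SVCS_OUTPUT SHOWREV_OUTPUT
classify() {
    base=$(fix_patch_for "$1") || { echo unknown-platform; return 0; }
    nfs_server_online "$2" || { echo not-exposed; return 0; }
    rev=$(installed_rev "$3" "$base")
    if [ -n "$rev" ]; then echo patched; else echo vulnerable; fi
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_SVCS='STATE          STIME    FMRI
online         14:30:59 svc:/network/nfs/server:default'
SAMPLE_SHOWREV='Patch: 124250-02 Obsoletes:  Requires:  Incompatibles:  Packages: (constructed)'

classify sparc "$SAMPLE_SVCS" "$SAMPLE_SHOWREV"   # prints: vulnerable

# On a live host:
#   classify "$(uname -p)" "$(svcs nfs/server 2>/dev/null)" "$(showrev -p)"
```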
References
125100-01
125101-01