Note: This is an archival copy of Security Sun Alert 201340 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001014.1.
Article ID : 1001014.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2007-08-30
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

A Security Vulnerability With the Special File System (SPECFS) strfreectty() Function May Allow a Local Unprivileged User to Panic a System

Category
Security

Release Phase
Resolved

Product
Solaris 9 Operating System
Solaris 10 Operating System
Solaris 8 Operating System

Bug Id
6322179

Date of Resolved Release
31-AUG-2007

Impact

A security vulnerability in the Special File System (SPECFS) strfreectty() function may allow an unprivileged local user to panic the system, creating a Denial of Service (DoS).


Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Solaris 8 without patches 109025-07 and 117350-49
  • Solaris 9 without patch 122300-11
  • Solaris 10 without patch 118822-24

x86 Platform

  • Solaris 8 without patches 109026-08 and 117351-49
  • Solaris 9 without patch 122301-11
  • Solaris 10 without patch 118844-24

Symptoms

The panic stack backtrace will show strfreectty() erroneously passing a NULL pointer to pgsignal().


Workaround

There is no workaround for this issue. Please see the Resolution section below.


Resolution

This issue is addressed in the following releases:

SPARC Platform

  • Solaris 8 with patches 109025-07 or later and 117350-49 or later
  • Solaris 9 with patch 122300-11 or later
  • Solaris 10 with patch 118822-24 or later

x86 Platform

  • Solaris 8 with patches 109026-08 or later and 117351-49 or later
  • Solaris 9 with patch 122301-11 or later
  • Solaris 10 with patch 118844-24 or later


References

118822-24
118844-24
122300-11
122301-11
109025-07
117350-49
117351-49
109026-08




Attachments
This solution has no attachment