Category
Security
Release Phase
Resolved
Product
Solaris 9 Operating System
Solaris 8 Operating System
Bug Id
4725286
Date of Resolved Release
22-APR-2004
Impact
A local unprivileged user may be able to panic a system, causing a Denial of Service, due to a security vulnerability involving the sendfilev(3EXT) function.
Contributing Factors
This issue can occur in the following releases:
SPARC Platform
- Solaris 8 without patch 108528-27
- Solaris 9 without patch 112233-12
x86 Platform
- Solaris 8 without patch 108529-27
- Solaris 9 without patch 112234-12
Note: Solaris 7 is not impacted by this issue. Solaris 2.6 will not be evaluated regarding the potential impact of the issue described in this Sun Alert document.
Symptoms
If the described issue occurs, the panic stack trace will be similar to the following:
vpanic(100548c0, 10416110, 300028fc550, 30002acb4e4, 30002acb4e0, 6c6c007300)
rw_panic+0x58(10416110, 300028fc550, 1, 300028fc550, 30002acb4e4, 1)
sendvec_chunk+0x354(19c, c, c, 1, 8058, 300028fc4a8)
sendvec+0x154(30001e8a5c0, 8f981094, 2a10066b7b0, 2a10066b930, 1, c)
sendfilev+0x118(c, c, 8f981094, 8f981094, 8f9810a4, 0)
syscall_trap32+0xa8(0, c, 8f981094, 1, 8f9810a4, f98154c4)
Workaround
There is no workaround. Please see the "Resolution" section below.
Resolution
This issue is addressed in the following releases:
SPARC Platform
- Solaris 8 with patch 108528-27 or later
- Solaris 9 with patch 112233-12 or later
x86 Platform
- Solaris 8 with patch 108529-27 or later
- Solaris 9 with patch 112234-12 or later
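To check a host against the patch levels listed above, the following added example (not part of the original Sun Alert) parses `showrev -p` output. It assumes the usual `Patch: ID-REV Obsoletes: ... Requires: ...` line layout and also accepts an installed patch that lists the required ID in its Obsoletes field; the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Sun's code): classify a host against this Sun Alert.
# Written for the Bourne shell, so backticks are used instead of $( ).

# Patch ID and minimum revision per release/platform, taken from the advisory.
required_patch() {
    case "$1/$2" in
        5.8/sparc) echo "108528 27" ;;
        5.9/sparc) echo "112233 12" ;;
        5.8/i386)  echo "108529 27" ;;
        5.9/i386)  echo "112234 12" ;;
    esac
}

# sendfilev_status RELEASE ARCH, with `showrev -p` text on stdin.
# Prints patched, vulnerable, or not-listed (release not in the advisory).
sendfilev_status() {
    req=`required_patch "$1" "$2"`
    [ -n "$req" ] || { echo not-listed; return 0; }
    set -- $req; id=$1; min=$2
    result=vulnerable
    while read tag rest; do
        [ "$tag" = "Patch:" ] || continue
        # Walk the installed patch ID and its Obsoletes: list; stop at Requires:
        for w in `echo "$rest" | tr -d ,`; do
            [ "$w" = "Requires:" ] && break
            case "$w" in
                "$id"-[0-9][0-9])
                    rev=`echo "$w" | sed 's/.*-//'`
                    if [ "$rev" -ge "$min" ]; then result=patched; fi ;;
            esac
        done
    done
    echo "$result"
}

# Constructed sample input in `showrev -p` layout (not from a real host).
sample_showrev() {
    echo "Patch: 112233-08 Obsoletes: 999901-01, 999902-03 Requires:  Incompatibles:  Packages: SUNWcsr"
    echo "Patch: 999903-12 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsl"
}

# On a live host: showrev -p | sendfilev_status "`uname -r`" "`uname -p`"
sample_showrev | sendfilev_status 5.9 sparc    # kernel patch is only at -08
```

A result of not-listed means only that the release is not one of the two named in this alert; the advisory states Solaris 7 is not impacted and Solaris 2.6 was not evaluated.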
Modification History
References
108528-27
108529-27
112233-12
112234-12
Attachments
This solution has no attachment