Note: This is an archival copy of Security Sun Alert 201513 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001130.1.
Article ID : 1001130.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2008-01-10
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security Vulnerability in Solaris 10 Related to the dotoprocs() Routine

Category
Security

Release Phase
Resolved

Product
Solaris 10 Operating System

Bug Id
6428658

Date of Resolved Release
11-JAN-2008

Impact

A security vulnerability with the dotoprocs() routine in Solaris 10 may allow a local unprivileged user to panic the system.


Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Solaris 10 without patch 127111-06

x86 Platform

  • Solaris 10 without patch 127112-06

Note: Solaris 8 and Solaris 9 are not impacted by this issue.


Symptoms

If the described issue has been exploited, the system will panic with a "BAD TRAP" error message and dotoprocs() will be found in the panic stacktrace.


Workaround

There is no workaround for this issue. Please see the "Resolution" section below.


Resolution

This issue is addressed in the following releases:

SPARC Platform

  • Solaris 10 with patch 127111-06 or later

x86 Platform

  • Solaris 10 with patch 127112-06 or later


References

127111-06
127112-06




Attachments
This solution has no attachment