Category
Security
Release Phase
Resolved
ProductSolaris 9 Operating System
Bug Id
5046783
Date of Resolved Release16-JUL-2004
Impact
A local unprivileged user may be able to panic Solaris 9 systems which have Solaris Volume Manager (SVM) devices configured. This is a type of Denial of Service (DoS) attack.
Contributing Factors
This issue can occur in the following releases:
SPARC Platform
-
Solaris 9 without patch 113073-13
x86 Platform
-
Solaris 9 without patch 113994-22
A system is only vulnerable to this issue if SVM devices are configured, which can be determined by running the metastat(1M) command. If SVM devices exist, output will be similar to the following:
d0: Mirror
Submirror 0: d10
State: Okay
Pass: 1
Read option: roundrobin (default)
Write option: parallel (default)
Size: 4198392 blocks
d10: Submirror of d0
State: Okay
Size: 4198392 blocks
Stripe 0:
Device Start Block Dbase State Hot Spare
c0t1d0s4 0 No Okay
Note: Solstice Disksuite (SDS) 4.x is not affected; hence Solaris 7 and 8 with SDS installed is not affected.
Symptoms
Should this issue occur, the system will produce a stack trace similiar to the following:
vpanic(......)
vmem_hash_delete+0xdc(.....)
vmem_xfree+0x1c(.....)
mirror_admin_ioctl+0x888(......)
md_admin_ioctl+0x130(.....)
mdioctl+0x90(......)
ioctl+0x184(......)
syscall_trap32+0xa8(......)
Workaround
There is no workaround. Please see the "Resolution" section below.
Resolution
This issue is addressed in the following releases:
SPARC Platform
-
Solaris 9 with patch 113073-13 or later
x86 Platform
-
Solaris 9 with patch 113994-22 or later
Modification History
References
113073-13
113994-22
AttachmentsThis solution has no attachment