Note: This is an archival copy of Security Sun Alert 201778 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001317.1.
Article ID : 1001317.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2006-10-05
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security Vulnerability May Allow the syslog(3C) Service to be Disabled



Category
Security

Release Phase
Resolved

Product
Solaris 9 Operating System
Solaris 10 Operating System
Solaris 8 Operating System

Bug Id
6266921

Date of Resolved Release
25-SEP-2006

Impact

A security vulnerability may allow a local unprivileged user to disable the syslog(3c) function, resulting in the failure of messages to be written to the system log. Disabling of system logging constitutes a Denial of Service (DoS).


Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Solaris 8 without patch 117350-38
  • Solaris 9 without patch 118558-29
  • Solaris 10 without patch 118833-19

x86 Platform

  • Solaris 8 without patch 117351-38
  • Solaris 9 without patch 118559-29
  • Solaris 10 without patch 118855-16

Symptoms

Messages written by the logger(1) utility or applications calling syslog(3c) do not appear in the log files configured in syslog.conf(4).


Workaround

There is no workaround for this issue. Please see the Resolution section below.


Resolution

This issue is addressed in the following releases:

SPARC Platform

  • Solaris 8 with patch 117350-38 or later
  • Solaris 9 with patch 118558-29 or later
  • Solaris 10 with patch 118833-19 or later

x86 Platform

  • Solaris 8 with patch 117351-38 or later
  • Solaris 9 with patch 118559-29 or later
  • Solaris 10 with patch 118855-16 or later


References

117350-38
117351-38
118558-29
118559-29
118833-19
118855-16




Attachments
This solution has no attachment