Note: This is an archival copy of Security Sun Alert 231402 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1018975.1.
Article ID : 1018975.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2010-09-17
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Denial of Service Vulnerabilities in ldap_cachemgr(1M) Daemon



Category
Security

Release Phase
Resolved

Bug Id
6557371, 6609144, 6610117

Product
Solaris 8 Operating System
Solaris 9 Operating System
Solaris 10 Operating System
OpenSolaris

Date of Workaround Release
24-Nov-2009

Date of Resolved Release
17-Sep-2010

Denial of Service Vulnerabilities in ldap_cachemgr(1M) Daemon

1. Impact

Multiple security vulnerabilities in the LDAP client configuration cache daemon (ldap_cachemgr(1M)) may allow a local unprivileged user to terminate the ldap_cachemgr daemon. On Solaris 9 and 10 systems this will prevent LDAP name service requests from succeeding. This is a type of Denial of Service (DoS) as LDAP name service requests will hang and users may no longer be able to login to LDAP client systems. On Solaris 8 systems, LDAP name service requests will be slower, as caching will not occur which is also a type of Denial of Service (DoS).

2. Contributing Factors

These issues can occur in the following releases:

SPARC Platform:
  • Solaris 8 without patches 128624-05 and 128624-14
  • Solaris 9 without patch 112960-69
  • Solaris 10 without patch 127111-07
  • OpenSolaris based upon builds snv_01 through snv_77
x86 Platform:
  • Solaris 8 without patches 128625-05 and 128625-14
  • Solaris 9 without patch 114242-54
  • Solaris 10 without patch 127954-04
  • OpenSolaris based upon builds snv_01 through snv_77
Notes:

1. Solaris 8 entered EOSL Phase 2 on 1 April 2009. Entitlement to patches developed on or after 1 April 2009 requires the purchase of the Solaris 8 Vintage Patch Service. See Note in section 5 for more details.

2. These issues only affect systems configured as native LDAP clients.

To determine if a system is configured as a native LDAP client, the following command can be run:
 $ test -f /var/ldap/ldap_client_file || echo "System is not an LDAP client"

3. Symptoms

The ldap_cachemgr(1M) daemon would no longer be running despite the presence of the '/var/ldap/ldap_client_file' file. LDAP name service requests for any services configured to use LDAP in the nsswitch.conf(4) file will fail on Solaris 9 and 10 and take longer to succeed on Solaris 8. Solaris 10 systems would show the smf(5) service identifier for the ldap_cachemgr service, svc:/network/ldap/client:default, in the maintenance state. The service's status can be checked using svcs(1):
 $ svcs svc:/network/ldap/client:default
STATE STIME FMRI
maintenance 1:23:45 svc:/network/ldap/client:default

4. Workaround

There is no workaround for these issues. Please see the Resolution section below.

5. Resolution

These issues are addressed in the following releases:

SPARC Platform:
  • Solaris 8 with patches 128624-05 or later and 128624-14 or later
  • Solaris 9 with patch 112960-69 or later
  • Solaris 10 with patch 127111-07 or later
  • OpenSolaris based upon builds snv_78 or later
x86 Platform:
  • Solaris 8 with patches 128625-05 or later and 128625-14 or later
  • Solaris 9 with patch 114242-54 or later
  • Solaris 10 with patch 127954-04 or later
  • OpenSolaris based upon builds snv_78 or later
Note: These Solaris 8 patches resolve some but not all of the vulnerabilities in the LDAP client configuration cache daemon.

Note: The READMEs of Solaris 8 patches developed on or after 1 April 2009 are available to all customers however Solaris 8 entered EOSL Phase 2 on April 1, 2009 and thus entitlement for these patches, including those that fix security vulnerabilities, requires the purchase of the Solaris 8 Vintage Patch Service. More information about the Solaris 8 Vintage Patch Service is available at:
http://www.sun.com/service/eosl/Solaris8.html
For more information on Security Sun Alerts, see 1009886.1.

References

127954-04
127111-07
112960-69
114242-54
128624-05
128625-05
128624-05
128624-14
128625-05
128625-14

Modification History

17-Sep-2010: Updated Contributing Factors and Resolution sections, now Resolved





Attachments
This solution has no attachment