Note: This is an archival copy of Security Sun Alert 231402 as previously published on http://sunsolve.sun.com. The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1018975.1.
Category: Security
Release Phase: Resolved
Bug IDs: 6557371, 6609144, 6610117
Product: Solaris 8 Operating System, Solaris 9 Operating System, Solaris 10 Operating System, OpenSolaris
Date of Workaround Release: 24-Nov-2009
Date of Resolved Release: 17-Sep-2010

Denial of Service Vulnerabilities in ldap_cachemgr(1M) Daemon

1. Impact

Multiple security vulnerabilities in the LDAP client configuration cache daemon, ldap_cachemgr(1M), may allow a local unprivileged user to terminate the ldap_cachemgr daemon. On Solaris 9 and 10 systems this prevents LDAP name service requests from succeeding: the requests hang and users may no longer be able to log in to LDAP client systems, which is a type of Denial of Service (DoS). On Solaris 8 systems, LDAP name service requests are slower because caching no longer occurs, which is also a type of Denial of Service (DoS).

2. Contributing Factors

These issues can occur in the following releases:

SPARC Platform:
1. Solaris 8 entered EOSL Phase 2 on 1 April 2009. Entitlement to patches developed on or after 1 April 2009 requires the purchase of the Solaris 8 Vintage Patch Service. See the Note in section 5 for more details.

2. These issues only affect systems configured as native LDAP clients. To determine whether a system is configured as a native LDAP client, run the following command:

    $ test -f /var/ldap/ldap_client_file || echo "System is not an LDAP client"

3. Symptoms

The ldap_cachemgr(1M) daemon is no longer running despite the presence of the '/var/ldap/ldap_client_file' file. LDAP name service requests for any services configured to use LDAP in the nsswitch.conf(4) file fail on Solaris 9 and 10 and take longer to succeed on Solaris 8. Solaris 10 systems show the smf(5) service for the ldap_cachemgr daemon, svc:/network/ldap/client:default, in the maintenance state. The service's status can be checked using svcs(1):

    $ svcs svc:/network/ldap/client:default

4. Workaround

There is no workaround for these issues. Please see the Resolution section below.

5. Resolution

These issues are addressed in the following releases:

SPARC Platform:
Note: The READMEs of Solaris 8 patches developed on or after 1 April 2009 are available to all customers. However, Solaris 8 entered EOSL Phase 2 on April 1, 2009, and entitlement to these patches, including those that fix security vulnerabilities, therefore requires the purchase of the Solaris 8 Vintage Patch Service. More information about the Solaris 8 Vintage Patch Service is available at: http://www.sun.com/service/eosl/Solaris8.html

For more information on Security Sun Alerts, see 1009886.1.

References

127954-04
127111-07
112960-69
114242-54
128624-05
128625-05
128624-14
128625-14

Modification History
17-Sep-2010: Updated Contributing Factors and Resolution sections, now Resolved
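As an added check that is not part of the Sun Alert, the following POSIX shell script combines the client test from section 2, the svcs(1) state from section 3 and the patch IDs from the References list into one exposure assessment. It assumes the showrev -p "Patch: NNNNNN-RR ..." line format and, because the advisory does not map patch IDs to releases, treats the highest listed revision of each patch base as the required level.

```shell
#!/bin/sh
# Added check, not part of the Sun Alert: combines the advisory's client test,
# its svcs(1) state check and the References patch IDs into one assessment.
# Assumes showrev -p "Patch: NNNNNN-RR ..." lines; since the advisory does not
# map patch IDs to releases, the highest listed revision of each patch base is
# treated as the required level (a conservative choice).

FIXED_PATCHES="127954-04 127111-07 112960-69 114242-54 128624-14 128625-14"

# is_ldap_client [FILE]: succeeds if the native LDAP client config file exists.
is_ldap_client() {
    [ -f "${1:-/var/ldap/ldap_client_file}" ]
}

# has_fixed_patch SHOWREV_OUTPUT: succeeds if any listed patch is installed at
# the listed revision or later (a later revision of a patch supersedes it).
has_fixed_patch() {
    printf '%s\n' "$1" | awk -v want="$FIXED_PATCHES" '
        BEGIN { n = split(want, w, " ") }
        $1 == "Patch:" {
            split($2, p, "-")
            for (i = 1; i <= n; i++) {
                split(w[i], q, "-")
                if (p[1] == q[1] && p[2] + 0 >= q[2] + 0) found = 1
            }
        }
        END { exit (found ? 0 : 1) }'
}

# assess [FILE] SHOWREV_OUTPUT SVC_STATE: prints one word describing exposure.
# SVC_STATE is the output of: svcs -H -o state svc:/network/ldap/client:default
assess() {
    if ! is_ldap_client "$1"; then echo not-ldap-client; return; fi
    if has_fixed_patch "$2"; then echo patched; return; fi
    case "$3" in
        maintenance) echo impacted ;;  # daemon already down (section 3 symptom)
        *)           echo exposed ;;   # vulnerable, daemon still running
    esac
}

# On a Solaris host: sh check_ldap_cachemgr.sh --run (assumed script name).
if [ "${1:-}" = "--run" ]; then
    state=$(svcs -H -o state svc:/network/ldap/client:default 2>/dev/null)
    assess /var/ldap/ldap_client_file "$(showrev -p 2>/dev/null)" "$state"
else
    # Constructed showrev(1M) line, not from a real host, to show usage offline.
    sample="Patch: 128624-05 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu"
    assess /var/ldap/ldap_client_file "$sample" maintenance
fi
```

On Solaris 8 and 9, which have no svcs(1), the state argument is empty and a vulnerable client is reported as "exposed"; "impacted" is only reported when the Solaris 10 service is already in maintenance.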