Category
Security
Release Phase
Resolved
Bug Id
6636987
Product
Solaris 10 Operating System
Date of Resolved Release
11-Jun-2008
Security Vulnerability in the Solaris 10 Event Port Implementation May Lead to a System Panic (See below for Details)
1. Impact
A security vulnerability in the Solaris 10 event port implementation
may lead to a system panic when executing an application program that
submits and retrieves user-defined events from a port. This may
allow a local unprivileged user to cause a system panic, resulting in
a Denial of Service (DoS) condition on the affected host.
2. Contributing Factors
This issue can occur in the following releases:
SPARC Platform
- Solaris 10 without patch 137111-01
x86 Platform
- Solaris 10 without patch 137112-01
Note: Solaris 8 and Solaris 9 are not impacted by this issue.
3. Symptoms
If the described issue occurs, the following panic string and stack trace may be seen:
BAD TRAP: type=31 rp=2a102e39720 addr=30 mmu_fsr=0
occurred in module "genunix" due to a NULL pointer dereference
<trap>genunix:pollwakeup+0x28()
genunix:port_send_event+0x114()
portfs:port_send+0x48()
portfs:portfs+0x250(?)
unix:syscall_trap+0xac()
4. Workaround
There is no workaround for this issue. Please see the Resolution section below.
5. Resolution
This issue is addressed in the following release:
SPARC Platform
- Solaris 10 with patch 137111-01 or later
x86 Platform
- Solaris 10 with patch 137112-01 or later
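One way to check a host for the fix, as an added example that is not part of the original Sun Alert: the functions below parse `showrev -p` output and report whether the platform's patch is present at revision 01 or later, either installed directly or listed in another installed patch's Obsoletes field. The function names and the sample listing are constructed for illustration; the script assumes nawk or a POSIX awk is available.

```shell
#!/bin/sh
# Added example, not from the advisory. Patch IDs come from the advisory text;
# the listing in sample_listing is constructed for illustration.

# Solaris 10 needs nawk (the legacy /usr/bin/awk lacks -v); elsewhere awk will do.
if type nawk >/dev/null 2>&1; then AWK=nawk; else AWK=awk; fi

# required_patch ARCH: print the base patch ID for a `uname -p` value.
required_patch() {
    case "$1" in
        sparc) echo 137111 ;;
        i386)  echo 137112 ;;
        *)     return 1 ;;
    esac
}

# is_patched ARCH MINREV: read `showrev -p` output on stdin. Returns 0 if the
# platform patch is installed at MINREV or later, or if an installed patch
# obsoletes such a revision; 1 if not found; 2 for an unknown ARCH.
is_patched() {
    base=`required_patch "$1"` || return 2
    $AWK -v base="$base" -v min="$2" '
        $1 == "Patch:" {
            for (i = 2; i <= NF; i++) {
                if ($i == "Requires:") break   # a required patch is not proof of install
                id = $i
                sub(/,$/, "", id)              # Obsoletes entries are comma separated
                n = split(id, p, "-")
                if (n == 2 && p[1] == base && p[2] + 0 >= min + 0) found = 1
            }
        }
        END { exit(found ? 0 : 1) }
    '
}

# Constructed listing in showrev -p layout (unrelated IDs are placeholders).
sample_listing() {
    cat <<'EOF'
Patch: 100000-03 Obsoletes: 100002-01, 100003-02 Requires: Incompatibles: Packages: SUNWcsu
Patch: 137111-02 Obsoletes: Requires: 100000-03 Incompatibles: Packages: SUNWckr, SUNWhea
Patch: 100001-05 Obsoletes: Requires: 137112-01 Incompatibles: Packages: SUNWcsr
EOF
}

# On a live host: showrev -p | is_patched "`uname -p`" 1 && echo "fix present"
```

The third sample line mentions 137112-01 only under Requires:, which the check deliberately ignores.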
For more information on Security Sun Alerts, see
References
137111-01
137112-01