Category
Security
Category
Data Loss
Release Phase
Resolved
Bug Id
6628819
Product
Sun Service Tag 1.0
Date of Resolved Release
03-Jun-2008
A security vulnerability in the Service Tag Registry (see below for details)
1. Impact
A security vulnerability in the Service Tag Registry may
allow a local unprivileged user to fill the '/var' filesystem on a
host, which may result in a Denial of Service (DoS) to any
functionality that depends on that filesystem.
2. Contributing Factors
This issue can occur in the following releases:
SPARC Platform
Solaris 10 8/07 without patch 136839-01
Java Enterprise System (Java ES) 5 under Solaris 10
Solaris 8 with Sun Service Tag 1.0, 1.1, and 1.1.1, downloaded from the Sun Download Center
Solaris 9 with Sun Service Tag 1.0, 1.1, and 1.1.1, downloaded from the Sun Download Center
Solaris 10 with Sun Service Tag 1.0, 1.1, and 1.1.1, downloaded from the Sun Download Center
x86 Platform
Solaris 10 8/07 without patch 136840-01
Java Enterprise System (Java ES) 5 under Solaris 10
Solaris 10 with Sun Service Tag 1.0, 1.1, and 1.1.1, downloaded from the Sun Download Center
Enterprise Linux
This vulnerability can be exploited with or without the two
Service Tag network services (stlisten and stdiscover) being enabled.
Note 1: Only systems with the Sun Service Tag infrastructure installed
are vulnerable to this issue. To determine if it is installed,
execute the following command:
On the Solaris platform:
$ pkginfo SUNWservicetagr
On the Enterprise Linux platform:
$ rpm -q sun-servicetag
Note 2: The Service Tag product on the Windows platform is not
affected by this vulnerability.
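The installation check above only tells you whether the Service Tag packages are present; whether the host is actually exposed depends on the platform patch (136839-01 / 136840-01 on Solaris 10 8/07 and Java ES 5) or, for manually downloaded copies, on the package version (1.1.2 or higher). The following script is an added example and not part of this Sun Alert: it takes the output of pkginfo -l and showrev -p and returns a verdict. The sample pkginfo and showrev outputs embedded below are constructed for the example, and the version-string format assumed for the Service Tag package is an assumption; on a real host feed it the live command output as shown in the usage note.

```shell
#!/bin/sh
# Added example (not part of the Sun Alert): decide whether a Solaris host is
# exposed to this issue from the output of `pkginfo -l SUNWservicetagr` and
# `showrev -p`. Patch numbers and the 1.1.2 fixed version come from the alert;
# the sample command output below is constructed for the example.

# Patch that resolves this issue for a given `uname -p` value (from the alert).
# Prints nothing for platforms that have no patch (e.g. Solaris 8/9 downloads).
patch_for_arch() {
    case "$1" in
        sparc) echo "136839" ;;
        i386)  echo "136840" ;;
        *)     echo "" ;;
    esac
}

# Return 0 if showrev -p output ($1) lists patch base $2 at revision >= $3.
# showrev -p lines look like: "Patch: 136839-01 Obsoletes: ... Packages: ..."
has_patch_rev() {
    printf '%s\n' "$1" | awk -v base="$2" -v minrev="$3" '
        $1 == "Patch:" {
            split($2, p, "-")
            if (p[1] == base && (p[2] + 0) >= (minrev + 0)) found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# Extract the VERSION field from pkginfo -l output, dropping any ",REV=..." suffix.
pkg_version() {
    printf '%s\n' "$1" | awk '$1 == "VERSION:" { sub(/,REV=.*/, "", $2); print $2; exit }'
}

# Return 0 if dotted version $1 >= $2, comparing components numerically
# (so 1.1.10 sorts after 1.1.9, which a plain string compare would get wrong).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            ai = (i <= na) ? x[i] + 0 : 0
            bi = (i <= nb) ? y[i] + 0 : 0
            if (ai > bi) exit 0
            if (ai < bi) exit 1
        }
        exit 0
    }'
}

# Verdict for one host.
#   $1 = uname -p value, $2 = pkginfo -l SUNWservicetagr output (empty when the
#   package is absent), $3 = showrev -p output.
# Prints: not-installed | patched | fixed-version | vulnerable
assess() {
    a_arch="$1"; a_pkg="$2"; a_patches="$3"
    if [ -z "$a_pkg" ]; then
        echo "not-installed"; return 0          # Note 1: nothing to exploit
    fi
    a_base=$(patch_for_arch "$a_arch")
    if [ -n "$a_base" ] && has_patch_rev "$a_patches" "$a_base" 1; then
        echo "patched"; return 0                # 136839-01 / 136840-01 or higher
    fi
    a_ver=$(pkg_version "$a_pkg")
    if [ -n "$a_ver" ] && version_ge "$a_ver" 1.1.2; then
        echo "fixed-version"; return 0          # manually installed 1.1.2 or higher
    fi
    echo "vulnerable"
}

# --- Constructed sample output (not captured from a real host) ---------------
SAMPLE_PKG_OLD='   PKGINST:  SUNWservicetagr
      NAME:  Service Tags registry
  CATEGORY:  application
      ARCH:  sparc
   VERSION:  1.1.1'
SAMPLE_PKG_NEW='   PKGINST:  SUNWservicetagr
      NAME:  Service Tags registry
  CATEGORY:  application
      ARCH:  sparc
   VERSION:  1.1.2'
SAMPLE_PATCHES_OLD='Patch: 119254-51 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWpkgcmdsu
Patch: 120011-14 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu'
SAMPLE_PATCHES_FIXED="$SAMPLE_PATCHES_OLD
Patch: 136839-02 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWservicetagr SUNWservicetagu"

echo "sparc, 1.1.1, no patch:   $(assess sparc "$SAMPLE_PKG_OLD" "$SAMPLE_PATCHES_OLD")"
echo "sparc, 1.1.1, 136839-02:  $(assess sparc "$SAMPLE_PKG_OLD" "$SAMPLE_PATCHES_FIXED")"
echo "i386,  1.1.1, 136839-02:  $(assess i386  "$SAMPLE_PKG_OLD" "$SAMPLE_PATCHES_FIXED")"
echo "sparc, 1.1.2, no patch:   $(assess sparc "$SAMPLE_PKG_NEW" "$SAMPLE_PATCHES_OLD")"
```

On a live Solaris host run it as assess "$(uname -p)" "$(pkginfo -l SUNWservicetagr 2>/dev/null)" "$(showrev -p)". Note that the x86 sample is reported vulnerable even though 136839-02 is present: that patch is the SPARC one, and the script deliberately does not accept a patch for the wrong architecture. On Enterprise Linux there is no patch path, so the equivalent check is only the version test: compare the output of rpm -q --queryformat '%{VERSION}\n' sun-servicetag against 1.1.2 with version_ge.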
3. Symptoms
If this issue is exploited to cause a Denial of Service (DoS) to
the system, the /var filesystem may become full, causing
applications and services which depend on this filesystem to fail.
4. Workaround
There is no workaround for this issue. Please see the Resolution section below.
5. Resolution
This issue is addressed in the following releases:
SPARC Platform
Solaris 10 8/07 or Java Enterprise System (Java ES) 5 under
Solaris 10 with patch 136839-01 or higher
For Solaris 8, 9, and 10 systems on which Sun Service Tag was manually installed via a download from the Sun Download Center, version 1.1.2 or higher should be retrieved via the "Download Service Tags" link at:
https://inventory.sun.com/inventory/
Then, the current packages should be removed:
# pkgrm SUNWstosreg SUNWservicetagu SUNWservicetagr
and finally the new packages should be installed, via pkgadd(1M),
as mentioned in the enclosed README from the Service Tag download.
x86 Platform
Solaris 10 8/07 or Java Enterprise System (Java ES) 5 under Solaris 10 with patch 136840-01 or higher
For Solaris 10 systems on which Sun Service Tag was manually installed via a download from the Sun Download Center, version 1.1.2 or higher should be retrieved via the "Download Service Tags" link at:
https://inventory.sun.com/inventory/
Then, the current packages should be removed:
# pkgrm SUNWstosreg SUNWservicetagu SUNWservicetagr
and finally the new packages should be installed, via pkgadd(1M),
as mentioned in the enclosed README from the Service Tag download.
Enterprise Linux platforms
The Enterprise Linux version of Sun Service Tag, version 1.1.2 or
higher, should be retrieved via the "Download Service Tags" link at:
https://inventory.sun.com/inventory/
Then, the current packages should be removed:
# rpm -e sun-servicetag
and finally the new packages should be installed, via "rpm -i"
as mentioned in the enclosed README from the Service Tag download.
This Sun Alert notification is being provided to you on an "AS IS"
basis. This Sun Alert notification may contain information provided by
third parties. The issues described in this Sun Alert notification may
or may not impact your system(s). Sun makes no representations,
warranties, or guarantees as to the information contained herein. ANY
AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION
WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR
NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT YOU
ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE OUT
OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN. This
Sun Alert notification contains Sun proprietary and confidential
information. It is being provided to you pursuant to the provisions of
your agreement to purchase services from Sun, or, if you do not have
such an agreement, the Sun.com Terms of Use. This Sun Alert
notification may only be used for the purposes contemplated by these
agreements.
Copyright 2000-2008 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.
Modification History
05-Jun-2008: updated Contributing Factors and Resolution sections
References
136839-01
136840-01