Category
Security
Release Phase
Resolved
Bug Id
6688233
ProductSolaris 10 Operating System
OpenSolaris
Date of Resolved Release05-Aug-2008
Due to a security vulnerability in Solaris (see below for full details)
1. Impact
Due to a security vulnerability in Solaris, usage of the
pthread_mutex_reltimedlock_np(3C) API by a local unprivileged user
or by an application, when the API is used in a particular way, can
cause the system to hang or, if the deadman feature is enabled, to
panic.
This leads to a Denial of Service (DoS) condition.
2. Contributing Factors
This issue can occur in the following releases:
SPARC Platform
x86 Platform
Notes: Solaris 8 and Solaris 9 are not impacted by this issue.
If the deadman feature is enabled on a system, the kernel variable
"snooping" will have a value of one (1). To determine the value of
the "snooping" kernel variable, run the following command:
# echo "snooping/X" | mdb -k
OpenSolaris distributions may include additional bug fixes above and
beyond the build from which it was derived. The base build can be derived
as follows:
$ uname -a
SunOS phys-node-1 5.11 snv_86 i86pc i386 i86pc
3. Symptoms
If the described issue occurs, the system will hang.
On a system with deadman enabled the system will panic with
the message:
deadman: timed out after 50 seconds of clock inactivity
In both cases a crash dump will reveal that there are one or
more threads running on the cpu with the following stack:
genunix:thread_lock_high+44()
genunix:turnstile_pi_waive+11()
genunix:turnstile_wakeup+57()
unix:mutex_vector_exit+5()
genunix:turnstile_block+404()
genunix:lwp_upimutex_lock+154()
genunix:lwp_mutex_timedlock+5e5()
4. Workaround
There is no workaround for this issue. Please see the
"Resolution" section below.
5. Resolution
This issue is addressed in the following releases:
SPARC Platform
x86 Platform
For more information on Security Sun Alerts, see .
References
137111-04
137112-04
References
SUNPATCH:137111-04
SUNPATCH:137112-04
AttachmentsThis solution has no attachment