Note: This is an archival copy of Security Sun Alert 257331 as previously published on http://sunsolve.sun.com. The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1020388.1.
Category: Security
Release Phase: Resolved
6796351
Product: OpenSolaris
Date of Resolved Release: 20-Apr-2009

Security Vulnerability in OpenSolaris SCTP Sockets May Allow Unprivileged Users to Panic the System

1. Impact

Due to a security vulnerability in SCTP sockets, OpenSolaris systems may allow an unprivileged local user to panic the system and thereby cause a denial of service (DoS).

2. Contributing Factors

This issue can occur in the following releases:

SPARC Platform
x86 Platform
Notes: OpenSolaris distributions may include additional bug fixes above and beyond the build from which they were derived. The base build can be determined as follows:

    $ uname -v
    snv_86

Solaris 8, 9 and 10 are not impacted by this issue.

3. Symptoms

If this issue is exploited to cause a denial of service, the kernel panics and the lower part of the stack trace would be similar to the one below. The key identifying feature of the panic is the presence of "sosctp_close()" and "sctp_sack()" in the stack trace.

    sctp_sack+0xcf(ffffff09c5b45928, 0)
    sctp_recvd+0xe8(ffffff09c5b45928, 19000)
    sosctp_close+0x4c(ffffff05727bcc90, 3, ffffff01d9151608)
    socket_close_internal+0x3a(ffffff05727bcc90, 3, ffffff01d9151608)
    socket_vop_close+0xf2(ffffff01dfa56800, 3, 1, 0, ffffff01d9151608, 0)
    fop_close+0x71(ffffff01dfa56800, 3, 1, 0, ffffff01d9151608, 0)
    closef+0x9e(ffffff01d7e157d8)
    closeandsetf+0x406(5, 0)
    close+0x18(5)
    sys_syscall32+0x1fc()

4. Workaround

There is no workaround to this issue. Please see the Resolution section below.

5. Resolution

This issue is addressed in the following releases:

SPARC Platform
x86 Platform
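
The stack-trace check described in the Symptoms section, as an added example that is not part of the original Sun Alert: it parses frames in the name+offset(args) form shown there and reports whether sctp_sack() was reached from sosctp_close(). The function names parse_frames and alert_257331_path, the tolerated module prefix, and the non-matching sample trace are assumptions made for illustration.

```python
import re

# A frame as printed in the advisory: name+0xoff(args). An optional
# "module`" or "module:" prefix is tolerated (assumption; the advisory
# shows bare function names only).
FRAME_RE = re.compile(
    r"(?:[\w.]+[`:])?(?P<func>[A-Za-z_]\w*)\+(?:0x)?[0-9a-fA-F]+\s*\("
)

def parse_frames(text):
    """Return function names in printed order, innermost frame first.
    Works whether the trace is one frame per line or run together."""
    return [m.group("func") for m in FRAME_RE.finditer(text)]

def alert_257331_path(text):
    """Return the call path from sosctp_close() down to sctp_sack(),
    or None if the trace does not carry the advisory's signature."""
    frames = parse_frames(text)
    if "sctp_sack" not in frames or "sosctp_close" not in frames:
        return None
    inner, outer = frames.index("sctp_sack"), frames.index("sosctp_close")
    if inner >= outer:  # sctp_sack must be reached beneath the close path
        return None
    return frames[inner:outer + 1][::-1]

# Lower part of the stack trace quoted in the Symptoms section.
ADVISORY_TRACE = """\
sctp_sack+0xcf(ffffff09c5b45928, 0)
sctp_recvd+0xe8(ffffff09c5b45928, 19000)
sosctp_close+0x4c(ffffff05727bcc90, 3, ffffff01d9151608)
socket_close_internal+0x3a(ffffff05727bcc90, 3, ffffff01d9151608)
socket_vop_close+0xf2(ffffff01dfa56800, 3, 1, 0, ffffff01d9151608, 0)
fop_close+0x71(ffffff01dfa56800, 3, 1, 0, ffffff01d9151608, 0)
closef+0x9e(ffffff01d7e157d8)
closeandsetf+0x406(5, 0)
close+0x18(5)
sys_syscall32+0x1fc()
"""

# Constructed non-matching sample: an SCTP socket close with no sctp_sack frame.
OTHER_TRACE = """\
sosctp_close+0x10(0, 3, 0)
socket_close_internal+0x3a(0, 3, 0)
close+0x18(5)
"""

if __name__ == "__main__":
    for name, trace in (("advisory", ADVISORY_TRACE), ("other", OTHER_TRACE)):
        print(name, alert_257331_path(trace))
```
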
For more information on Security Sun Alerts, see