Category
Security
Release Phase
Resolved
Bug Id
6823388
ProductSolaris 10 Operating System
OpenSolaris
Date of Workaround Release27-Apr-2009
Date of Resolved Release05-Jun-2009
Security Vulnerabilities in DTrace (dtrace(1M)) ioctl(2) Handlers May Lead to a Denial of Service (DoS) Condition
1. Impact
Multiple security vulnerabilities in the DTrace (dtrace(1M)) ioctl(2)
handlers may allow a local unprivileged user to cause a system panic,
thereby leading to a Denial of Service (DoS) condition.
Sun acknowledges Neil Kettle for bringing this issue to
our attention.
2. Contributing Factors
This issue can occur in the following releases:
SPARC Platform
- Solaris 10 without patch 141765-01
- OpenSolaris based upon builds snv_01 through snv_113
x86 Platform
- Solaris 10 without patch 141766-01
- OpenSolaris based upon builds snv_01 through snv_113
Note: Solaris 8 and Solaris 9
are not affected by this issue.
OpenSolaris distributions may include additional bug fixes above and
beyond the build from which it was derived. To determine the base
build of OpenSolaris, the following command can be run:
$ uname -v
snv_110
Only those systems which have the package SUNWdtrp installed are
affected by this issue. To determine if SUNWdtrp is installed, the
following command may be run:
On Solaris 10:
$ pkginfo SUNWdtrp
system SUNWdtrp DTrace Providers
On OpenSolaris:
$ pkg search SUNWdtrp
INDEX ACTION VALUE PACKAGE
legacy_pkg legacy SUNWdtrp pkg:/SUNWdtrp@0.5.11-0.86
3. Symptoms
Should the described issue occur, the system may panic with a stack
trace similar to one of the following:
dtrace_dof_slurp()
dtrace_helper_slurp()
dtrace_ioctl_helper()
<...>
fop_ioctl()
ioctl()
syscall_trap32()
Or:
fasttrap_add_probe()
fasttrap_ioctl()
<...>
fop_ioctl()
ioctl()
syscall_trap32()
4. Workaround
Until the resolution patches can be be applied, users may work around
the described issue by preventing unprivileged users from accessing the
vulnerable devices. This may be done by running the following commands
as the 'root' user:
# chmod o-rw /dev/dtrace/helper
# chmod o-rw /dev/dtrace/provider/fasttrap
5. Resolution
This issue is addressed in the following releases:
SPARC Platform
- Solaris 10 with patch 141765-01 or later
- OpenSolaris based upon builds snv_114 or later
x86 Platform
- Solaris 10 with patch 141766-01 or later
- OpenSolaris based upon builds snv_114 or later
For more information on
Security Sun Alerts, see 1009886.1.
This Sun Alert
notification is being provided to you on
an "AS IS"
basis. This Sun Alert notification may contain information provided by
third parties. The issues described in this Sun Alert notification may
or may not impact your system(s). Sun makes no representations,
warranties, or guarantees as to the information contained herein. ANY
AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION
WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR
NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT YOU
ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE OUT
OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN. This
Sun Alert notification contains Sun proprietary and confidential
information. It is being provided to you pursuant to the provisions of
your agreement to purchase services from Sun, or, if you do not have
such an agreement, the Sun.com Terms of Use. This Sun Alert
notification may only be used for the purposes contemplated by these
agreements.
Copyright 2000-2009 Sun
Microsystems,
Inc., 4150 Network Circle, Santa
Clara, CA 95054 U.S.A. All rights reserved.
Modification History
05-Jun-2009: Updated Contributing Factors and Resolution sections; Resolved
References
141765-01
141766-01
AttachmentsThis solution has no attachment