Note: This is an archival copy of Security Sun Alert 258888 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1020461.1.
Article ID : 1020461.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2010-12-05
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

A Security Vulnerability Involving the OpenSolaris Process File System (proc(4)) May Allow an Unprivileged Local User to Panic the System

Category
Security

Release Phase
Resolved

Bug Id
6781092

Product
OpenSolaris

Date of Resolved Release
06-Jul-2009

A Security Vulnerability Involving the OpenSolaris Process File System (proc(4)) May Allow an Unprivileged Local User to Panic the System

1. Impact

A security vulnerability in the OpenSolaris process file system (proc(4)) may allow a local
unprivileged user to panic the system and thereby cause a denial of service (DoS).

Sun acknowledges, with thanks, Solvi Pall Asgeirsson of SecurStore for bringing this issue to our attention.

2. Contributing Factors

This issue can occur in the following releases:

x86 Platform
  • OpenSolaris based upon builds snv_49 through snv_109

Note: OpenSolaris distributions may include additional bug fixes above and beyond
the build from which it was derived.  The base build can be derived as follows:

    $ uname -v
    snv_101

Note: OpenSolaris on the SPARC platform and Solaris 8, 9 and 10 are not impacted by this issue.


3. Symptoms

When this issue is exploited to cause a Denial of Service (DoS), a deadlock may
occur in the kernel leading the system to panic in the ldt_rewrite_syscall function.


4. Workaround

There is no workaround to this issue. Please see the Resolution section  below.


5. Resolution

This issue is addressed in the following releases:

x86 Platform
  • OpenSolaris based upon builds snv_110 or later


For more information on Security Sun Alerts, see











Attachments
This solution has no attachment