Category
Security
Category
Availability
Release Phase
Resolved
Bug Id
6795688
Date of Resolved Release23-Jul-2009
Security Vulnerability in Solaris Auditing Related to Extended File Attributes ... (see below)
1. Impact
A security vulnerability in Solaris Auditing when interacting with
extended file
attributes (fsattr(5)) may allow a local unprivileged user to be able
to panic the
system. The ability to panic a system is a type of Denial of Service
(DoS).
2. Contributing Factors
This issue can occur in the following releases:
SPARC Platform
- Solaris 9 without patch 122300-39
- Solaris 10 without patch 140921-01
- OpenSolaris based upon builds snv_01 through snv_120
x86 Platform
- Solaris 9 without patch 122301-39
- Solaris 10 without patch 140922-01
- OpenSolaris based upon builds snv_01 through snv_120
Notes:
1. Solaris 8 is not impacted by this issue.
2. This issue only affects systems which have Solaris Auditing (see
bsmconv(1M))
enabled. To determine if a system has Solaris Auditing enabled the
grep(1) command
can be used to search the '/etc/system' file for a reference to the
c2audit kernel module
as in the following example:
$ grep c2audit /etc/system
set c2audit:audit_load = 1
3. OpenSolaris distributions may include additional bug fixes above
and beyond the build from which it was derived. To determine the
base build of OpenSolaris, the following command can be used:
$ uname -v
snv_86
3. Symptoms
If the system panics due to this issue an error message will be
generated
which looks similar to the following:
panic[cpu0]/thread=300018a26a0: BAD TRAP: type=31 rp=2a10033b820 addr=0
mmu_fsr=0 occurred in module "unix" due to a NULL pointer dereference
and the stack backtrace will reference audit_setfsat_path() after
an earlier call to one
of the extended attribute (fsattr(5)) functions like fchownat(2)
in the following example:
die()
trap()
ktl0()
audit_setfsat_path()
[...]
fchownat()
4. Workaround
To prevent this issue from occurring Solaris Auditing can be
disabled (see bsmunconv(1M)).
5. Resolution
This issue is addressed in the following releases:
SPARC Platform
- Solaris 9 with patch 122300-39 or later
- Solaris 10 with patch 140921-01 or later
- OpenSolaris based upon builds snv_121 or later
x86 Platform
- Solaris 9 with patch 122301-39 or later
- Solaris 10 with patch 140922-01 or later
- OpenSolaris based upon builds snv_121 or later
For more information on Security Sun Alerts, see .
ProductSolaris 9 Operating System
Solaris 10 Operating System
OpenSolaris
References
122300-39
122301-39
140921-01
140922-01
References
SUNPATCH:122300-39
SUNPATCH:122301-39
SUNPATCH:140921-01
SUNPATCH:140922-01
AttachmentsThis solution has no attachment