Category
Security
Category
Availability
Release Phase
Resolved
Bug Id
6816071
Date of Resolved Release27-Jul-2009
Race Condition Security Vulnerability in Solaris Auditing ... (see below)
1. Impact
A race condition security vulnerability in Solaris Auditing when
interacting with
extended file attributes (fsattr(5)) may allow a local unprivileged
user to be able
to panic the system. The ability to panic a system is a type of Denial
of Service (DoS).
2. Contributing Factors
This issue can occur in the following releases:
SPARC Platform
- Solaris 9 without patch 122300-42
- Solaris 10 without patch 140921-02
- OpenSolaris based upon builds snv_01 through snv_120
x86 Platform
- Solaris 9 without patch 122301-42
- Solaris 10 without patch 140922-02
- OpenSolaris based upon builds snv_01 through snv_120
Notes:
1. Solaris 8 is not impacted by this issue.
2. This issue only affects systems which have Solaris Auditing (see
bsmconv(1M))
enabled. To determine if a system has Solaris Auditing enabled the
grep(1) command
can be used to search the '/etc/system' file for a reference to the
c2audit kernel module
as in the following example:
$ grep c2audit /etc/system
set c2audit:audit_load = 1
3. OpenSolaris distributions may include additional bug fixes above
and beyond the build from which it was derived. To determine the
base build of OpenSolaris, the following command can be used:
$ uname -v
snv_86
3. Symptoms
If the system panics due to this issue an error message will be
generated
which looks similar to the following:
BAD TRAP: type=e (#pf Page fault) rp=e9762bb0 addr=0 occurred in module
"unix" due to a NULL pointer dereference
and the stack backtrace will reference audit_savepath()
after an earlier call to one
of the extended attribute (fsattr(5)) functions like openat(2)
in the following example:
die()
trap()
audit_pathbuild()
audit_savepath()
lookuppnvp()
[...]
openat()
4. Workaround
To prevent this issue from occurring Solaris Auditing can be
disabled (see bsmunconv(1M)).
5. Resolution
This issue is addressed in the following releases:
SPARC Platform
- Solaris 9 with patch 122300-42 or later
- Solaris 10 with patch 140921-02 or later
- OpenSolaris based upon builds snv_121 or later
x86 Platform
- Solaris 9 with patch 122301-42 or later
- Solaris 10 with patch 140922-02 or later
- OpenSolaris based upon builds snv_121 or later
For more information on Security Sun Alerts, see
ProductSolaris 9 Operating System
Solaris 10 Operating System
OpenSolaris
References
140921-02
140922-02
122300-42
122301-42
References
SUNPATCH:122300-42
SUNPATCH:122301-42
SUNPATCH:140921-02
SUNPATCH:140922-02
AttachmentsThis solution has no attachment