Category
Security
Release Phase
Resolved
Bug Id
6818191
ProductSolaris 10 Operating System
OpenSolaris
Date of Resolved Release09-Sep-2009
Security Vulnerability in lx Branded Zones May Result in Denial of Service (DoS)
1. Impact
A security vulnerability in lx branded zones may allow a a local
unprivileged user to panic a Solaris x86 Intel-based system running in
64-bit mode, which is a type of Denial of Service (DoS).
2. Contributing Factors
This issue can occur in the following releases:
x86 Platform
- Solaris 10 with patch 120012-14 and without patch 141415-10
- OpenSolaris based upon builds snv_49 through snv_117
Notes:
1. Solaris 8 and 9 and Solaris on the SPARC platform are not impacted
by this issue
2. This issue only affects Intel-based systems running in 64 bit mode.
amd64 machines are not impacted by this issue. To determine if a system
is Intel-based, the following command can be run:
$ psrinfo -vp
x86 (GenuineIntel 10676 family 6 model 23 step 6 clock 3166 MHz)
Intel(r) Core(tm)2 Duo CPU E8500 @ 3.16GHz
To determine if a system is running in 64 bit mode, the following
command can be run:
$ isainfo -b
64
3. This issue only affects systems which have installed and configured
an lx branded zone. To display the list of all running zones on the
system the zoneadm(1M) command can be used as follows:
$ zoneadm list -v
ID NAME STATUS PATH BRAND IP
0 global running / native shared
1 lx-zone running /zones/lx-zone lx shared
4. OpenSolaris distributions
may include additional bug fixes above and
beyond the build from which it was derived. The base build can be
derived as follows:
$ uname -v
snv_86
3. Symptoms
Should the described issue occur, the system will panic with output
similar to the following:
panic[cpu0]/thread=ffffff02e58edac0:
BAD TRAP: type=8 (#df Double fault) rp=fffffffffbc36db0 addr=0
zsh:
#df Double fault
pid=4702, pc=0xfffffffffb852019, sp=0xffffff00104a0f60, eflags=0x10086
cr0: 8005003b<pg,wp,ne,et,ts,mp,pe> cr4: 6f8<xmme,fxsr,pge,mce,pae,pse,de>
cr2: ffffff00104a0f58
cr3: 1efe18000
cr8: c
rdi: fec44480 rsi: fedb2a00 rdx: febc18f5
rcx: 4b r8: fffffffffbc4db30 r9: ffffff02d4569580
rax: 3fb28f5b30 rbx: fec40000 rbp: ffffff00104a1050
r10: fecff3db2a00ffff r11: ffffff02e58edac0 r12: 0
r13: 0 r14: ffffff02eb2db1e0 r15: 3fb28f5b30
fsb: 0 gsb: fffffffffbc2dff0 ds: 4b
es: 4b fs: 0 gs: 1c3
trp: 8 err: 0 rip: fffffffffb852019
cs: 30 rfl: 10086 rsp: ffffff00104a0f60
ss: 38
tss.tss_rsp0: 0xffffff00104a6000
tss.tss_rsp1: 0x0
tss.tss_rsp2: 0x0
tss.tss_ist1: 0xfffffffffbc36ea0
tss.tss_ist2: 0x0
tss.tss_ist3: 0x0
tss.tss_ist4: 0x0
tss.tss_ist5: 0x0
tss.tss_ist6: 0x0
tss.tss_ist7: 0x0
fffffffffbc36c90 unix:die+10f ()
fffffffffbc36da0 unix:trap+152c ()
ffffff00104a1050 unix:bcopy_ck_size+73d8 ()
ffffff00104a1140 unix:cmntrap+c5 ()
ffffff00104a1230 unix:cmntrap+c5 ()
...
4. Workaround
There is no workaround for this issue. Please see the Resolution
section below.
5. Resolution
This issue is addressed in the following releases:
x86 Platform
- Solaris 10 with patch 141415-10 or later
- OpenSolaris based upon builds snv_118 or later
For
more information on
Security Sun Alerts, see 1009886.1.
This Sun Alert
notification is being provided to you on
an "AS IS"
basis. This Sun Alert notification may contain information provided by
third parties. The issues described in this Sun Alert notification may
or may not impact your system(s). Sun makes no representations,
warranties, or guarantees as to the information contained herein. ANY
AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION
WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR
NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT YOU
ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE OUT
OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN. This
Sun Alert notification contains Sun proprietary and confidential
information. It is being provided to you pursuant to the provisions of
your agreement to purchase services from Sun, or, if you do not have
such an agreement, the Sun.com Terms of Use. This Sun Alert
notification may only be used for the purposes contemplated by these
agreements.
Copyright 2000-2009 Sun
Microsystems,
Inc., 4150 Network Circle, Santa
Clara, CA 95054 U.S.A. All rights reserved.
References
141415-10
AttachmentsThis solution has no attachment