Sun Solaris UFS Logging Bug in ufs_setsecattr() Lets Local Users Deny Service
|
|
SecurityTracker Alert ID: 1014967
|
|
SecurityTracker URL: http://securitytracker.com/id?1014967
|
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Sep 23 2005
|
Impact: Denial of service via local system
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Advisory: Sun Alert
|
Version(s): Solaris 8, 9
|
Description: A vulnerability was reported in Sun Solaris when UFS logging is enabled. A local user can cause denial of service conditions.
A local user with 'write' access to a Unix File System (UFS) where UFS logging is enabled may be able to cause a 'soft hang' of the
operating system. Incorrect lock-ordering in the ufs_setsecattr() function may result in a deadlock.
Solaris 10 is not affected.
|
Impact: A local user can cause denial of service conditions.
|
Solution: Sun has issued the following fixes.
SPARC Platform
* Solaris 8 with patch 116950-05 or later
* Solaris 9 with patch
117427-03 or later
x86 Platform
* Solaris 8 with patch 116951-05 or later
* Solaris 9 with patch 117476-01 or later
|
Vendor URL: sunsolve.sun.com/search/document.do?assetkey=1-26-101940-1 (Links to External Site)
|
Cause: State error
|
Underlying OS: UNIX (Solaris - SunOS)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Fri, 23 Sep 2005 08:17:40 -0400
Subject: http://sunsolve.sun.com/search/document.do?assetkey=1-26-101940-1
|
# Sun Alert ID: 101940
# Synopsis: Security Vulnerability in Solaris UFS When Logging is Enabled
# Category: Security
#
Product: Solaris 9 Operating System, Solaris 8 Operating System
# BugIDs: 4936030
# Avoidance: Patch, Workaround
# State: Resolved
# Date Released: 22-Sep-2005
# Date Closed: 22-Sep-2005
# Date Modified:
|
|
