Solaris Fibre Channel Protocol Driver Flaw Lets Local Users Deny Service
|
|
SecurityTracker Alert ID: 1019025
|
|
SecurityTracker URL: http://securitytracker.com/id?1019025
|
|
CVE Reference: CVE-2007-6216
(Links to External Site)
|
Updated: Dec 7 2007
|
Original Entry Date: Nov 30 2007
|
Impact: Denial of service via local system
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Advisory: Sun Alert
|
Version(s): 10
|
Description: A vulnerability was reported in Solaris. A local user can cause denial of service conditions.
A local user can exploit a flaw in the Fibre Channel Protocol driver (fcp(7D)) and Devices File System (devfs(7FS)) to cause the
system to hang when running commands such as cfgadm(1M) or format(1M).
This condition may occur without any user-generated trigger.
|
Impact: A local user can cause the target system to hang.
|
Solution: Sun has issued the following fixes.
SPARC Platform
* Solaris 10 with patch 128491-01 or later
x86 Platform
*
Solaris 10 with patch 128492-01 or later
The Sun advisory is available at:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102947-1
|
Vendor URL: sunsolve.sun.com/search/document.do?assetkey=1-26-102947-1 (Links to External Site)
|
Cause: State error
|
Underlying OS: UNIX (Solaris - SunOS)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Thu, 29 Nov 2007 23:38:33 -0500
Subject: A Security Vulnerability Resulting From Solaris 10 fcp(7D) and devfs(7FS) Interaction May Allow Certain File Operations to Cause a System Hang
|
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102947-1
|
|
