SecurityTracker.com
Category:   OS (UNIX)  >   Solaris
Vendors:   Sun
Solaris Tag Service Registry Bug Lets Local Users Fill the '/var' Filesystem
SecurityTracker Alert ID:  1020203
SecurityTracker URL:  http://securitytracker.com/id/1020203
CVE Reference:   CVE-2008-2552
Updated:  Feb 11 2009
Original Entry Date:  Jun 5 2008
Impact:   Denial of service via local system, Modification of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 8, 9, 10
Description:   A vulnerability was reported in Solaris. A local user can consume excessive disk space.

A local user can exploit a flaw in the Solaris Service Tag Registry to fill the '/var' filesystem.

Sun Service Tag 1.0, 1.1, and 1.2 are affected.

Impact:   A local user can cause denial of service conditions on applications and services that use the target '/var' filesystem.
Solution:   The vendor has issued the following fixes [quoted].

SPARC Platform

* Solaris 10 8/07 or Java Enterprise System (Java ES) 5 under
Solaris 10 with patch 136839-01 or higher

* For Solaris 8, 9, and 10 systems on which Sun Service Tag was manually installed via a download from the Sun Download Center, version 1.1.3 or higher should be retrieved via the "Download Service Tags" link at:

https://inventory.sun.com/inventory/

Then, the current packages should be removed:

# pkgrm SUNWstosreg SUNWservicetagu SUNWservicetagr

and finally the new packages should be installed, via pkgadd(1M),
as mentioned in the enclosed README from the Service Tag download.


x86 Platform

* Solaris 10 8/07 or Java Enterprise System (Java ES) 5 under Solaris 10 with patch 136840-01 or higher

* For Solaris 10 systems on which Sun Service Tag was manually installed via a download from the Sun Download Center, version 1.1.3 or higher should be retrieved via the "Download Service Tags" link at:

https://inventory.sun.com/inventory/

Then, the current packages should be removed:

# pkgrm SUNWstosreg SUNWservicetagu SUNWservicetagr

and finally the new packages should be installed, via pkgadd(1M),
as mentioned in the enclosed README from the Service Tag download.


Enterprise Linux platforms

The enterprise Linux version of Sun Service Tag, version 1.1.3 or
higher should be retrieved via the "Download Service Tags" link at:

https://inventory.sun.com/inventory/

Then, the current packages should be removed:

# rpm -e sun-servicetag

and finally the new packages should be installed, via "rpm -i"
as mentioned in the enclosed README from the Service Tag download.

The vendor's advisory is available at:

http://sunsolve.sun.com/search/document.do?assetkey=1-66-238414-1

Vendor URL:  sunsolve.sun.com/search/document.do?assetkey=1-66-238414-1
Cause:   Not specified
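
Added example (not from the vendor advisory or SecurityTracker): a shell check of `showrev -p` output for the Solaris 10 patches listed in the Solution, 136839 on SPARC and 136840 on x86, at revision 01 or higher. It assumes the usual `Patch: ... Obsoletes: ... Requires: ...` line layout and that a patch obsoleting the fix patch carries the fix; the sample lines and the 999999/999998 patch IDs are constructed.

```shell
#!/bin/sh
# Patch IDs and minimum revision (-01) come from the advisory text.
required_patch() {
    case "$1" in
        sparc) echo 136839 ;;
        i386)  echo 136840 ;;
        *)     return 1 ;;
    esac
}
MIN_REV=1

# Usage on a live host: showrev -p | servicetag_patch_ok "$(uname -p)"
# Reads `showrev -p` output on stdin, prints patched/missing, and
# returns 0 only when the fix patch (or a patch obsoleting it) is found.
servicetag_patch_ok() {
    id=$(required_patch "$1") || { echo "unknown-arch"; return 2; }
    awk -v id="$id" -v min="$MIN_REV" '
        $1 == "Patch:" {
            # Candidates: the installed patch and every patch it obsoletes.
            n = 0; cand[++n] = $2
            for (i = 3; i <= NF && $i != "Requires:"; i++) {
                t = $i; gsub(/,/, "", t)
                if (t != "Obsoletes:") cand[++n] = t
            }
            for (j = 1; j <= n; j++) {
                split(cand[j], p, "-")
                if (p[1] == id && p[2] + 0 >= min) found = 1
            }
        }
        END { print (found ? "patched" : "missing"); exit !found }
    '
}

# Constructed sample input; 999999 and 999998 are placeholder patch IDs.
SAMPLE_DIRECT='Patch: 999999-03 Obsoletes: Requires: Incompatibles: Packages: SUNWcsu
Patch: 136839-01 Obsoletes: Requires: Incompatibles: Packages: SUNWservicetagu'
SAMPLE_OBSOLETED='Patch: 999999-02 Obsoletes: 136840-01, 999998-04 Requires: Incompatibles: Packages: SUNWservicetagu'
SAMPLE_UNPATCHED='Patch: 999999-03 Obsoletes: Requires: Incompatibles: Packages: SUNWcsu'

printf '%s\n' "$SAMPLE_DIRECT" | servicetag_patch_ok sparc
```

This covers only the patch route; hosts where Service Tag was installed manually from the download need the package version compared against 1.1.3 instead.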

Message History:   None.