CERT-In Vulnerability Note CIVN-2008-118
Vulnerability in Solaris namefs kernel module

Original Issue Date: August 07, 2008

Severity Rating: Low

System Affected

• Solaris 8
• Solaris 9
• Solaris 10

Overview

A Vulnerability has been reported in Solaris namefs kernel module which could allow a local attacker to cause Denial of Service (DoS) condition.

Description

NameFS provides the function of file-over-file and directory-over-directory mounts (also called soft mounts) that allows a user to mount a sub-tree of a file system in a different place in the file name space, allowing a file to be accessed through two different path names. A vulnerability has been reported in the namefs kernel module, which is caused by an unspecified error and it may allow local unprivileged user to execute arbitrary code in context of kernel. By exploiting this vulnerability local unprivileged user may cause system panic that lead to Denial of Service (DoS) condition.

Solutions

• SPARC Platform
  • Solaris 8 with patch 114984-02 or later
  • Solaris 9 with with patch 114971-03 or later
  • Solaris 10 with with patch 136716-01 or later
    
    
• x86 Platform
  • Solaris 8 with patch 114985-02 or later
  • Solaris 9 patch 138570-01 or later
  • Solaris 10 patch 136717-01 or later

Vendor Information

SUN
http://sunsolve.sun.com/search/document.do?
assetkey=1-66-237986-1

References

SecurityFocus
http://www.securityfocus.com/bid/30513

Secunia
http://secunia.com/advisories/31356/

FrSIRT
http://www.frsirt.com/english/advisories/2008/2290

AusCERT
https://www.auscert.org.au/render.html?it=9672

CVE Name

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information

Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003