CERT-In Vulnerability Note CIVN-2008-88
Vulnerability of Local Denial of Service Sun Solaris UltraSPARC Kernel Module

Original Issue Date: June 19, 2008

Severity Rating: Low

System Affected

• Solaris 10
• OpenSloaris

Overview

Vulnerability in Solaris 10 has been reported, which is associated with Sun UltraSPARC T2 and UltraSPARC T2+ Processors on Solaris 10 . The exploitation of aforesaid vulnerability may cause Denial of service.

Description

The vulnerability of kernel module exists in Solaris 10. The vulnerability is caused due to a kernel error of the processor specific for Sun UltraSPARC T2 and UltraSPARC T2+ systems, which can be exploited by malicious local user to cause a Denial of service.

Workaround

Disable core dumps using coreadm command, as follows:

coreadm -d process -d global -d global-setid -d proc-setid

Solutions

Apply appropriate patches as suggested below:

SPARC Platform

• Solaris 10 with patch 137111-01 or later
• Open Solaris based upon builds snv_93 or later

Vendor Information

SUN
http://sunsolve.sun.com/search/printfriendly.do?
assetkey=1-66-238688-1

References

SUN
http://sunsolve.sun.com/search/printfriendly.do?
assetkey=1-66-238688-1

AusCERT
http://www.auscert.org.au/render.html?it=9449

Secunia
http://secunia.com/advisories/30654

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information

Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003