CERT-In Vulnerability Note CIVN-2008-89
Vulnerability in the Solaris 10 Event Port Implementation
Original Issue Date:
June 19, 2008
Severity Rating:
Low
System Affected
Overview
It has been reported that the Solaris 10 contains event port implementation vulnerability which could be exploited by a local user to cause denial of service conditions.
Description
Security vulnerability exists in the Solaris 10 event port implementation due to unspecified error, which may lead to a panic in the system, when a local user executes an application program that submits and retrieves user-defined events from a port. This may allow a local unprivileged user to cause a system panic resulting in Denial of Service (DoS) condition in the affected host.
Solutions
Apply appropriate patches as suggested by vendor
- SPARC Platform - Solaris 10 with patch 137111-01 or later
- x86 Platform - Solaris 10 with patch 137112-01 or later
Vendor Information
SUN
http://sunsolve.sun.com/search/printfriendly.do?
assetkey=1-66-235122-1
References
SecurityTracker
http://securitytracker.com/alerts/2008/Jun/1020274.html
SecurityLab
http://en.securitylab.ru/notification/354718.php
Secunia
http://secunia.com/advisories/30653/
SecurityFocus
http://www.securityfocus.com/bid/29680
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
|
