On Solaris 10 a System Panic Due to a Race Condition May OccurWhen SNMP Queries are Processed (such as when netstat(1M) or ifconfig(1M) are run)


Category :AvailabilitySecurity
Release Phase :Resolved
Product :Solaris 10 Operating System  
Bug Id :6450585  
Date of Workaround Release :11-AUG-2006 
Date of Resolved Release :30-JAN-2007 


Impact

A local or remote unprivileged user may be able to trigger a race condition in the kernel and panic a system with certain SNMP requests. A local unprivileged user may be able to trigger the same race condition and panic a local system using certain invocations of ifconfig(1M) or netstat(1M).


Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Solaris 10 with patch 118833-04 through 118833-32 and without patch 118833-33

x86 Platform

  • Solaris 10 with patch 118855-03 through 118855-32 and without patch 118855-33

Note: Solaris 8 and 9 are not impacted by this issue.


Symptoms

A panic string and stack backtrace similar to the following:

  udp_snmp_get+0x100(3012541a658, 0, ...
  snmpcom_req+0x33c(3012541a658, 300c12929c0, ...
  ip_snmpmod_wput+0xe4(3012541a658, 300c12929c0, ...
  putnext+0x218(3012541a750, 3012541a658, ...
  snmpcom_req+0x368(3012ef12668, 300c12929c0, ...
  icmp_wput_other+0x10c(3012ef12668, 300c12929c0, ...
  qdrain_syncq+0x74(3012ef126d0, 3012ef12668, ...
  drain_syncq+0x2e8(300fc1e01a0, 30124f34520, ...
  outer_exit+0x8c(300bd9f7ef0, 300fc1e01a0, ...
  qattach+0x144(3016d0a8d50, 2a1063bf758, ...
  strioctl+0x1aa4(300fc1f5ca8, 0, ...
  spec_ioctl+0x8c(2c00000315, 5302, ...
  fop_ioctl+0x20(3032dccfd80, 5302, ...
  ioctl+0x184(3, 3016fd2c290, 2073c, ...
  syscall_trap32+0xcc(3, 5302, ...

 


Workaround

There is no workaround. Please see Resolution section below.


Resolution

This issue is addressed in the following releases:

SPARC Platform

  • Solaris 10 with patch 118833-33 or later

x86 Platform

  • Solaris 10 with patch 118855-33 or later



Modification History


Date: 14-NOV-2006
  • Updated Relief/Workaround section

 


Date: 11-JAN-2007
  • Modified Synopsis, Impact and Relief/Workaround sections

 


Date: 30-JAN-2007
  • State: Resolved
  • Updated Contributing Factors and Resolution sections

 




Attachments
This solution has no attachment
 
Sun support customers:
more support information is available after you sign in.
 
»   Login
»   Register
»   Lost UserName/Password
 
Login Required

You must login and have a valid contract to access Sun's Premium content which includes:

  • Sun Alerts
  • Bugs
  • Patches
  • Solutions
  • White Papers
  • Documentation
  • Support Knowledge

Login Required

You must login and have a valid contract to access Sun's contracted features

Access Legend:

(Login to access)   Sun Contracted Content
(Login to access)   Sun Contracted Feature

Please make use of SunSolve Feedback application by selecting the floating [+] to provide feedback about this specific document.

Search
Article Details
Article ID : 200105
Article Type : Sun Alert
Last reviewed : 2007-01-30
Audience : PUBLIC
Keywords :
Provide feedback  (help)
Page Tools
»  Print This Page
»  Email This Article
»  Bookmark This Article
Security Support
»   Security Center
»   Report Security Vulnerabilities
»   Security PGP Key
»   Sun Alert Notifications - RSS Feeds
»   Sun Alert Notifications - eNewsletter
»   Solaris Fingerprint Database
 
SunSolve Navigation
»   Forums for contracted customers
»   Licenses
»   Log a Service Request
»   Patches and Updates
»   Product Download Center
»   SunSystem Handbook
»   SunSolve Japan
SunSolve Feedback, Help and Updates
»   Blog
»   Community
»   Feedback
»   Help
»   Learn about SunSolve
»   Twitter
Contact About Sun News & Events Employment Site Map Privacy Terms of Use Trademarks Copyright Sun Microsystems, Inc. | SunSolve Version 7.4.0 #1