A Security Vulnerability in the Handling of Thread Contexts in the Solaris Kernel May Allow a Denial of Service (DoS)


Category :Security
Release Phase :Resolved
Product :Solaris 9 Operating System
Solaris 10 Operating System
Solaris 8 Operating System  
Bug Id :6351092  
Date of Resolved Release :26-SEP-2007 


Impact

A security vulnerability related to a race condition during the handling of thread contexts in the Solaris kernel may allow a local unprivileged user to panic the system and thereby cause a Denial of Service (DoS) condition.


Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Solaris 8 without patch 117350-48
  • Solaris 9 without patch 122300-10
  • Solaris 10 without patch 125100-02

x86 Platform

  • Solaris 8 without patch 117351-48
  • Solaris 9 without patch 122301-10
  • Solaris 10 without patch 125101-02

Symptoms

A number of different types of panic can result, making it difficult to quickly pin-point this issue as the cause. However, as an example, the following command can be run on a crash dump:

    # echo "*panic_thread::findstack !grep kcpc_free" |mdb unix.0 vmcore.0

and if output similar to the following is produced:

    000002a101168a61 kcpc_free+18()

it is likely that this issue has occurred.

Note: by default, crash dumps are written to "/var/crash/<uname -n>". See dumpadm(1M) for further information.


Workaround

There is no workaround for this issue. Please see the Resolution section below.


Resolution

This issue is addressed in the following releases:

SPARC Platform:

  • Solaris 8 with patch 117350-48 or later
  • Solaris 9 with patch 122300-10 or later
  • Solaris 10 with patch 125100-02 or later

x86 Platform:

  • Solaris 8 with patch 117351-48 or later
  • Solaris 9 with patch 122301-10 or later
  • Solaris 10 with patch 125101-02 or later

Note: There are additional patches which complete the fix for 6351092 but these patches are not required to secure a system against the vulnerability in this Sun Alert. The additional patches are only required to ensure consistency with and correct functioning of the debug facilities on your system. (The Solaris 10 SPARC and x86 kernel patches and the Solaris 9 x86 patch deliver all the files for this change and so these releases are not listed below).

These additional patches which are not required to fix the vulnerability are:

SPARC Platform

x86 Platform






Attachments
This solution has no attachment
 
Sun support customers:
more support information is available after you sign in.
 
»   Login
»   Register
»   Lost UserName/Password
 
Login Required

You must login and have a valid contract to access Sun's Premium content which includes:

  • Sun Alerts
  • Bugs
  • Patches
  • Solutions
  • White Papers
  • Documentation
  • Support Knowledge

Login Required

You must login and have a valid contract to access Sun's contracted features

Access Legend:

(Login to access)   Sun Contracted Content
(Login to access)   Sun Contracted Feature

Please make use of SunSolve Feedback application by selecting the floating [+] to provide feedback about this specific document.

Search
Article Details
Article ID : 200079
Article Type : Sun Alert
Last reviewed : 2007-09-26
Audience : PUBLIC
Keywords :
Provide feedback  (help)
Page Tools
»  Print This Page
»  Email This Article
»  Bookmark This Article
Security Support
»   Security Center
»   Report Security Vulnerabilities
»   Security PGP Key
»   Sun Alert Notifications - RSS Feeds
»   Sun Alert Notifications - eNewsletter
»   Solaris Fingerprint Database
 
SunSolve Navigation
»   Forums for contracted customers
»   Licenses
»   Log a Service Request
»   Patches and Updates
»   Product Download Center
»   SunSystem Handbook
»   SunSolve Japan
SunSolve Feedback, Help and Updates
»   Blog
»   Community
»   Feedback
»   Help
»   Learn about SunSolve
»   Twitter
Contact About Sun News & Events Employment Site Map Privacy Terms of Use Trademarks Copyright Sun Microsystems, Inc. | SunSolve Version 7.4.0 #1