A security vulnerability in the Service Tag Registry (see below for details)

1. Impact

A security vulnerability in the Service Tag Registry may 
allow a local unprivileged user to fill the '/var' filesystem on a 
host, which may result in a Denial of Service (DoS) to any 
functionality that depends on that fileystem.

2. Contributing Factors

This issue can occur in the following releases:

SPARC Platform

• Solaris 10 8/07 without patch 136839-01

• Java Enterprise System (Java ES) 5 under Solaris 10

• Solaris 8 with Sun Service Tag 1.0, 1.1, and 1.1.1, downloaded from the Sun Download Center

• Solaris 9 with Sun Service Tag 1.0, 1.1, and 1.1.1, downloaded from the Sun Download Center

• Solaris 10  with Sun Service Tag 1.0, 1.1, and 1.1.1, downloaded from the Sun Download Center

x86 Platform

• Solaris 10 8/07 without patch 136840-01

• Java Enterprise System (Java ES) 5 under Solaris 10

• Solaris 10  with Sun Service Tag 1.0, 1.1, and 1.1.1, downloaded from the Sun Download Center

Enterprise Linux

• Sun Service Tag RPM version 1.1 and 1.1.1, downloaded from the Sun Download Center

This vulnerability can be exploited with or without the two
Service Tag network services (stlisten and stdiscover) being enabled.

   Note 1: Only systems with the Sun Service Tag infrastructure installed
           are vulnerable to this issue. To determine if it is installed,
           execute the following command:

             On the Solaris platform:
                $ pkginfo SUNWservicetagr                                      

             On the Enterprise Linux platform:
                $ rpm -q sun-servicetag

   Note 2: The Service Tag product on the Windows platform is not
           affected by this vulnerability.

3. Symptoms

If this issue is exploited to cause a Denial of Service (DoS) to           
the system the /var filesystem may become full, causing           
applications and services which depend on this filesystem to fail.

4. Workaround

There is no workaround for this issue. Please see the Resolution section below.

5. Resolution

This issue is addressed in the following releases:
   
SPARC Platform

• Solaris 10 8/07 or Java Enterprise System (Java ES) 5 under
   Solaris 10 with patch 136839-01 or higher
  

• For Solaris 8, 9, and 10 systems on which Sun Service Tag was manually installed via a download from the Sun Download Center, version 1.1.2 or higher should be retrieved via the "Download Service Tags" link at:

      https://inventory.sun.com/inventory/
 
Then, the current packages should be removed:

      # pkgrm SUNWstosreg SUNWservicetagu SUNWservicetagr

and finally the new packages should be installed, via pkgadd(1M),
as mentioned in the enclosed README from the Service Tag download.


x86 Platform

• Solaris 10 8/07 or Java Enterprise System (Java ES) 5 under Solaris 10 with patch 136840-01 or higher

• For Solaris 10 systems on which Sun Service Tag was manually installed via a download from the Sun Download Center, version 1.1.2 or higher should be retrieved via the "Download Service Tags" link at:

      https://inventory.sun.com/inventory/
 
Then, the current packages should be removed:

      # pkgrm SUNWstosreg SUNWservicetagu SUNWservicetagr

and finally the new packages should be installed, via pkgadd(1M),
as mentioned in the enclosed README from the Service Tag download. 


Enterprise Linux platforms
      
The enterprise Linux version of Sun Service Tag,  version 1.1.2 or 
higher should be retrieved via the "Download Service Tags" link at:

      https://inventory.sun.com/inventory/
 
Then, the current packages should be removed:

      # rpm -e sun-servicetag

and finally the new packages should be installed, via "rpm -i"
as mentioned in the enclosed README from the Service Tag download.

05-Jun-2008: updated Contributing Factors and Resolution sections

This solution has no attachment