[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Sun] Schwachstelle im Sun Solaris vuidmice STREAMS Modules - 103065

To: win-sec-ssc@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Subject: [Sun] Schwachstelle im Sun Solaris vuidmice STREAMS Modules - 103065
From: WiN Site Security Contacts <win-sec-ssc@xxxxxxxxxxxxxxxxx>
Date: Wed, 10 Oct 2007 17:44:01 +0200 (CEST)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: MD5

Liebe Kolleginnen und Kollegen,

soeben erreichte uns das nachfolgende Bulletin des SUN Customer Warning
System. Wir geben diese Informationen unveraendert an Sie weiter.

  Schwachstelle im Sun Solaris vuidmice STREAMS Modulen

  Im den vuidmice STREAMS Modulen in Sun Solaris fuer die Sun Solaris
  x86 Plattform existiert eine Schwachstelle. Ein lokaler Angreifer mit
  Zugriff auf das Konsolen-Device (system console device) kann diese
  Schwachstelle fuer einen Denial of Service Angriff auf die Konsole
  ausnutzen.

Betroffen sind die folgenden Software Pakete und Plattformen:

  x86 Plattform:
       * Solaris 8 vor Patch 114154-02
       * Solaris 9 vor Patch 117419-03
       * Solaris 10 vor Patch 127751-01

Vom Hersteller werden ueberarbeitete Pakete zur Verfuegung gestellt.

Hersteller Advisory:
  http://sunsolve.sun.com/search/document.do?assetkey=1-26-103065-1


(c) der deutschen Zusammenfassung bei DFN-CERT Services GmbH; die
Verbreitung, auch auszugsweise, ist nur unter Hinweis auf den Urheber,
DFN-CERT Services GmbH, und nur zu nicht kommerziellen Zwecken
gestattet.

Mit freundlichen Gruessen,
	Torsten Voss

- --
 
Dipl.-Ing.(FH) Torsten Voss (CSIRT, Research)

DFN-CERT Services GmbH, https://www.dfn-cert.de,  Phone  +49 40 808077-555
Sitz / Register: Hamburg, AG Hamburg, HRB 88805,  Ust-IdNr.:  DE 232129737
Heidenkampsweg 41, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski


Sun(sm) Alert Notification
     * Sun Alert ID: 103065
     * Synopsis: Security Vulnerability in the vuidmice(7M) STREAMS Modules May
       Lead to a Denial of Service (DoS) Condition
     * Category: Security
     * Product: Solaris 9 Operating System, Solaris 10 Operating System,
       Solaris 8 Operating System
     * BugIDs: 6575427
     * Avoidance: Patch
     * State: Resolved
     * Date Released: 08-Oct-2007
     * Date Closed: 08-Oct-2007
     * Date Modified:

1. Impact

   A security vulnerability in the vuidmice(7M) STREAMS modules may allow a
   local unprivileged user who has access to the system console device
   (console(7D)) to render the console unusable, which is a type of Denial of
   Service (DoS).

2. Contributing Factors

   This issue can occur in the following releases:

   x86 Platform
     * Solaris 8 without patch 114154-02
     * Solaris 9 without patch 117419-03
     * Solaris 10 without patch 127751-01

   Note 1: Solaris on the SPARC platform is not impacted by this issue.

   Note 2: This issue requires users to have access to the system console
   device in order to be exploited.

3. Symptoms

   If this issue is exploited, it may render the system console device unusable
   and may cause garbled characters to be printed on the console. In addition,
   on Solaris 10 systems, this issue may cause smf(5) to print the following
   error message on the system console in a continuous loop:
    Requesting System Maintenance Mode
    (See /lib/svc/share/README for more information.)
    Console login service(s) cannot run


   Solution Summary Top

4. Relief/Workaround

   There is no workaround for this issue. Please see the "Resolution" section
   below.

5. Resolution

   This issue is addressed in the following releases:

   x86 Platform
     * Solaris 8 with patch 114154-02 or later
     * Solaris 9 with patch 117419-03 or later
     * Solaris 10 with patch 127751-01 or later

   This Sun Alert notification is being provided to you on an "AS IS" basis.
   This Sun Alert notification may contain information provided by third
   parties. The issues described in this Sun Alert notification may or may not
   impact your system(s). Sun makes no representations, warranties, or
   guarantees as to the information contained herein. ANY AND ALL WARRANTIES,
   EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF
   MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE
   HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT YOU ACKNOWLEDGE THAT SUN SHALL
   IN NO EVENT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, OR
   CONSEQUENTIAL DAMAGES THAT ARISE OUT OF YOUR USE OR FAILURE TO USE THE
   INFORMATION CONTAINED HEREIN. This Sun Alert notification contains Sun
   proprietary and confidential information. It is being provided to you
   pursuant to the provisions of your agreement to purchase services from Sun,
   or, if you do not have such an agreement, the Sun.com Terms of Use. This Sun
   Alert notification may only be used for the purposes contemplated by these
   agreements.

   Copyright 2000-2006 Sun Microsystems, Inc., 4150 Network Circle, Santa
   Clara, CA 95054 U.S.A. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iQEVAwUBRwzzQRYd1iQZmhQQAQFqxAgAuvRy2h6dv2APfPaRkjlv1Tk/0Bk6UbQX
lA5iU9oUSNYZSQcCIhfZHK/+EfiJbk8QIPIBcGuN12/Q8eF6Nemq2Jtzckceskd7
fsC9gdEO7uZtJVcegF6j/ZCkRZe96LfmKAXJd/aiKgP4uE0iqp9QRelG/chiv+Kz
DjCgkmmy36xhtHVgZVhmUUj04z64PN/L6hFG3pZSyS55d/7YjPtfyLQncrxobymT
2l0D7lWSIqA3ZZ5ftajlrxRyHWbn5qdgZjQylGbkacQXJ9p0+Bc7Z4+mIReM1dt8
qhhzoXy6rNFEBbvhPu5Sl96wqQ6ScalaoRmXuZ4jltj6WU6z6K+urA==
=0P98
-----END PGP SIGNATURE-----

Prev by Date: [MS] Schwachstelle in Microsoft SharePoint - MS07-059
Next by Date: [OpenBSD] Schwachstelle im OpenBSD DHCP Server - OpenBSD_DHCP
Previous by thread: [MS] Schwachstelle in Microsoft SharePoint - MS07-059
Next by thread: [OpenBSD] Schwachstelle im OpenBSD DHCP Server - OpenBSD_DHCP
Index(es):
- Date
- Thread