Vigil@nce: Solaris, denial of service of Event Port
June 2009 by Vigil@nce
A local attacker can stop the system via a software using the
Event Port API.
Severity: 1/4
Consequences: denial of service of computer
Provenance: user shell
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Number of vulnerabilities in this bulletin: 2
Creation date: 19/06/2009
IMPACTED PRODUCTS
– OpenSolaris
– Sun Solaris
DESCRIPTION OF THE VULNERABILITY
The Event Port API provides functions to manage various kinds of
events: TIMER, USER, ALERT, etc. Two denials of service impact
Event Ports.
The port_associate_fd() function of the common/fs/portfs/port_fd.c
file associates a file descriptor and an Event Port. This function
does not correctly handle its lock, which blocks the system.
[grav:1/4; 6736713]
The port_dissociate_fd() function of the common/fs/portfs/port_fd.c
file dissociates a file descriptor and an Event Port. This
function prematurely close resources associated to the file
descriptor. [grav:1/4; 6790056]
A local attacker can therefore create an application using the
Event Port with a race, in order to stop the system.
CHARACTERISTICS
Identifiers: 260449, 6736713, 6790056, VIGILANCE-VUL-8812
http://vigilance.fr/vulnerability/Solaris-denial-of-service-of-Event-Port-8812