Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

De la Théorie à la pratique











Abonnez-vous gratuitement à notre NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Se désabonner

Vigil@nce : Solaris, denial of service of picld

août 2008 par Vigil@nce

SYNTHESIS

An attacker can send requests to picld daemon, theses last will generate a denial of service.

Gravity : 1/4

Consequences : denial of service of service

Provenance : user shell

Means of attack : no proof of concept, no attack

Ability of attacker : expert (4/4)

Confidence : confirmed by the editor (5/5)

Diffusion of the vulnerable configuration : high (3/3)

Creation date : 31/07/2008

Identifier : VIGILANCE-VUL-7983

IMPACTED PRODUCTS

- OpenSolaris [confidential versions]
- Sun Solaris [confidential versions]
- Sun Trusted Solaris [confidential versions]

DESCRIPTION

PICL (Platform information and control library) is composed by a "picld" daemon and a "libpicl" API. This service can be used to obtain information about the computer.

The prtdiag, prtpicl, prtfru commands are compiled with libpicl. When the user uses theses commands, the libpicl API requests the daemon.

The prtdiag, prtpicl, prtfru commands lead to the usage of a door (handle to access resource) creation function. When the door_create function fails, for example if resources are exhausted, the lock is not freed. The daemon thus keeps this lock and block the access to others threads.

An attacker can therefore send requests to picld daemon, theses last will generate a denial of service.

CHARACTERISTICS

Identifiers : 239728, 6547926, VIGILANCE-VUL-7983

https://vigilance.aql.fr/tree/1/7983




Voir les articles précédents

    

Voir les articles suivants