Vigil@nce : Solaris, denial of service of picld
August 2008 by Vigil@nce
An attacker can send requests to the picld daemon in order to generate a denial of service.
Gravity : 1/4
Consequences : denial of service of service
Provenance : user shell
Means of attack : no proof of concept, no attack
Ability of attacker : expert (4/4)
Confidence : confirmed by the editor (5/5)
Diffusion of the vulnerable configuration : high (3/3)
Creation date : 31/07/2008
Identifier : VIGILANCE-VUL-7983
OpenSolaris [confidential versions]
Sun Solaris [confidential versions]
Sun Trusted Solaris [confidential versions]
PICL (Platform Information and Control Library) is composed of a "picld" daemon and a "libpicl" API. This service can be used to obtain information about the computer.
The prtdiag, prtpicl and prtfru commands are compiled with libpicl. When a user runs these commands, the libpicl API queries the daemon.
The prtdiag, prtpicl and prtfru commands cause a door (a handle used to access a resource) creation function to be called. When the door_create function fails, for example if resources are exhausted, the lock is not freed. The daemon thus keeps this lock and blocks access for other threads.
An attacker can therefore send requests to the picld daemon in order to generate a denial of service.
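The locking flaw described above, reduced to a minimal C illustration next to its corrected form. This is an added example, not picld source code: svc_lock, fake_door_create, the register_door_* functions and lock_is_free are hypothetical names, and the door_create failure is forced with a constructed flag.

```c
#include <pthread.h>
#include <stdbool.h>

/* All names here are hypothetical; this is not picld source code. */
static pthread_mutex_t svc_lock = PTHREAD_MUTEX_INITIALIZER;
static bool resources_exhausted;   /* constructed switch to force the failure */
static int registered_door = -1;

/* Stand-in for door_create(): returns -1 when resources are exhausted. */
static int fake_door_create(void) {
    return resources_exhausted ? -1 : 3;   /* 3 = constructed descriptor */
}

/* Flawed pattern: the early return on failure skips the unlock. */
int register_door_leaky(void) {
    pthread_mutex_lock(&svc_lock);
    int fd = fake_door_create();
    if (fd < 0)
        return -1;                 /* lock stays held by this code path */
    registered_door = fd;
    pthread_mutex_unlock(&svc_lock);
    return 0;
}

/* Corrected pattern: every path leaves through the single unlock. */
int register_door_safe(void) {
    int rc = -1;
    pthread_mutex_lock(&svc_lock);
    int fd = fake_door_create();
    if (fd < 0)
        goto out;
    registered_door = fd;
    rc = 0;
out:
    pthread_mutex_unlock(&svc_lock);
    return rc;
}

/* True if the next caller could take the lock without blocking. */
bool lock_is_free(void) {
    if (pthread_mutex_trylock(&svc_lock) != 0)
        return false;
    pthread_mutex_unlock(&svc_lock);
    return true;
}
```

After one failed call to the leaky variant, lock_is_free() returns false, which is the state in which every later thread needing the lock would block.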
Identifiers : 239728, 6547926, VIGILANCE-VUL-7983