Vigil@nce: Solaris, denial of service of Solstice X.25
November 2008 by Vigil@nce
A local attacker can panic a system with several CPUs and Solstice X.25.
Consequences: denial of service of computer
Provenance: user shell
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: medium (2/3)
Creation date: 10/11/2008
Sun Trusted Solaris
The Solstice X.25 program is an implementation of the ITU-T X.25 protocol. The /dev/xty devices emulate the /dev/tty devices for outgoing calls using UUCP or TIP (implemented by the /usr/kernel/strmod/s_xout module). By default, all local users can read /dev/xty devices.
However, a local attacker on a multi-processor computer can use /dev/xty in order to create an error in s_xout.
A local attacker can thus stop the system.
Identifiers: 243106, 6633306, VIGILANCE-VUL-8232