Vigil@nce: Solaris, denial of service of Solstice X.25
November 2008 by Vigil@nce
SYNTHESIS
A local attacker can panic a system with several CPUs and Solstice
X.25.
Gravity: 1/4
Consequences: denial of service of computer
Provenance: user shell
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: medium (2/3)
Creation date: 10/11/2008
IMPACTED PRODUCTS
– Sun Solaris
– Sun Trusted Solaris
DESCRIPTION
The Solstice X.25 program is an implementation of the ITU-T X.25
protocol. The /dev/xty devices emulate the /dev/tty devices for
outgoing calls using UUCP or TIP (implemented by the
/usr/kernel/strmod/s_xout module). By default, all local users can
read /dev/xty devices.
However, a local attacker on a multi-processor computer can use
/dev/xty in order to create an error in s_xout.
A local attacker can thus stop the system.
CHARACTERISTICS
Identifiers: 243106, 6633306, VIGILANCE-VUL-8232