Vigil@nce: Solaris, denial of service of UFS
March 2009 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
A local attacker can generate errors in the ufs_getpage() and
ufs_putpage() functions in order to create a denial of service.
Gravity: 1/4
Consequences: denial of service of computer
Provenance: user shell
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Number of vulnerabilities in this bulletin: 3
Creation date: 17/03/2009
IMPACTED PRODUCTS
– OpenSolaris
– Sun Solaris
DESCRIPTION OF THE VULNERABILITY
The UFS filesystem is used by default on Solaris. It is impacted
by three vulnerabilities.
On an x86 64-bit system, a local attacker can prevent writes to the
filesystem, via the ufs_getpage() function. [grav:1/4; CR 6442712]
On a SPARC sun4v system, a local attacker can prevent writes to
the filesystem, via the ufs_getpage() function. [grav:1/4; CR
6425723]
On an x86 system, a local attacker can panic the system, via the
ufs_putapage() function. [grav:1/4; CR 6679732]
A local attacker can therefore generate errors in UFS in order to
create a denial of service.
CHARACTERISTICS
Identifiers: 254628, BID-34137, CR 6425723, CR 6442712, CR
6679732, VIGILANCE-VUL-8541
http://vigilance.fr/vulnerability/Solaris-denial-of-service-of-UFS-8541