Vigil@nce: Solaris, denial of service via DTrace

April 2009 by Vigil@nce

A local attacker can use DTrace in order to stop the system.

- Severity: 1/4
- Consequences: denial of service of computer
- Provenance: user shell
- Means of attack: no proof of concept, no attack
- Ability of attacker: expert (4/4)
- Confidence: confirmed by the editor (5/5)
- Diffusion of the vulnerable configuration: high (3/3)
- Creation date: 29/04/2009

IMPACTED PRODUCTS

- OpenSolaris
- Sun Solaris

DESCRIPTION OF THE VULNERABILITY

The DTrace feature is used to trace processes in order to debug their execution.

A user can use an ioctl to exchange information with DTrace. This ioctl is issued on:
- /dev/dtrace/helper, handled by dtrace_ioctl_helper() in usr/src/uts/common/dtrace/dtrace.c
- /dev/dtrace/provider/fasttrap, handled by fasttrap_ioctl() in usr/src/uts/common/dtrace/fasttrap.c

However, the dtrace_ioctl_helper() and fasttrap_ioctl() functions do not correctly validate the data structure passed to the ioctl. Malicious data thus panics the kernel.

A local attacker can therefore use DTrace in order to stop the system.

CHARACTERISTICS

- Identifiers: 257708, 6823388, BID-34753, VIGILANCE-VUL-8678
- URL: http://vigilance.fr/vulnerability/Solaris-denial-of-service-via-DTrace-8678
