Vigil@nce: Solaris, denial of service via DTrace
April 2009 by Vigil@nce
A local attacker can use DTrace in order to stop the system.
– Severity: 1/4
– Consequences: denial of service of computer
– Provenance: user shell
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 29/04/2009
IMPACTED PRODUCTS
– OpenSolaris
– Sun Solaris
DESCRIPTION OF THE VULNERABILITY
The DTrace feature is used to trace processes in order to debug
their execution.
A user can use an ioctl to exchange information with DTrace. This
ioctl uses:
– /dev/dtrace/helper for dtrace_ioctl_helper() of usr/src/uts/common/dtrace/dtrace.c
– /dev/dtrace/provider/fasttrap for fasttrap_ioctl() of usr/src/uts/common/dtrace/fasttrap.c
However, the dtrace_ioctl_helper() and fasttrap_ioctl() functions
do not correctly validate the data structure passed to the ioctl.
Malicious data thus panics the kernel.
A local attacker can therefore use DTrace in order to stop the
system.
CHARACTERISTICS
– Identifiers: 257708, 6823388, BID-34753, VIGILANCE-VUL-8678
– Url: http://vigilance.fr/vulnerability/Solaris-denial-of-service-via-DTrace-8678