Vigil@nce: Solaris, denial of service via fstat
May 2009 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
A local attacker can use the fstat() function in order to stop the
system.
Severity: 1/4
Consequences: denial of service of the computer
Provenance: user shell
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 15/05/2009
IMPACTED PRODUCTS
– Sun Solaris
DESCRIPTION OF THE VULNERABILITY
The fstat() function obtains information on the file indicated by
its descriptor:
  int fstat(int descriptor, struct stat *info);
The cstat() function of the kernel (usr/src/uts/common/syscall/stat.c)
is a common function for stat(), lstat() and fstat(). The
cstatat_getvp() function of the kernel initializes the vnode_t
structure associated with a file descriptor.
A local attacker can use the fstat() function in order to generate
an error in cstat() or cstatat_getvp(). Technical details are
unknown.
A local attacker can thus stop the system.
CHARACTERISTICS
Identifiers: 257988, 6328960, VIGILANCE-VUL-8717
http://vigilance.fr/vulnerability/Solaris-denial-of-service-via-fstat-8717