Vigil@nce - Solaris: denial of service via ZFS
May 2010 by Marc Jacob
This bulletin was written by Vigil@nce: http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
A local attacker can create a deep directory hierarchy on a ZFS
filesystem, in order to stop some file manipulation tools.
Severity: 1/4
Creation date: 24/05/2010
DESCRIPTION OF THE VULNERABILITY
The Solaris system supports ZFS filesystems.
This implementation manages sub-directories by recursively calling
functions. For example, to manage "dir1/dir2/dir3", the function
calls itself twice. However, the stack size is limited, so after a
few thousand calls, tools (rm, du, find, etc.) stop.
A local attacker can therefore create a deep directory hierarchy
on a ZFS filesystem, in order to stop some file manipulation
tools. This vulnerability can, for example, be used to prevent a
crontab script from deleting files.
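An administrator can audit a filesystem for hierarchies of this kind with a walker that keeps its pending directories in an explicit list, so its own depth of descent is not bound by the call stack. The following is an added example, not part of the Vigil@nce bulletin; the names find_deep_dirs and build_chain and the depth threshold are assumptions chosen for illustration.

```python
import os
import tempfile


def find_deep_dirs(root, max_depth=1000):
    """Report directories nested more than max_depth levels below root.

    Uses an explicit work list instead of recursion. Symlinks are not
    followed. Returns (findings, errors): findings is a list of
    (path, owner_uid); errors is a list of (path, errno) for directories
    that could not be read (permissions, path too long, ...).
    """
    findings, errors = [], []
    stack = [(root, 0)]                      # (directory path, depth)
    while stack:
        path, depth = stack.pop()
        try:
            with os.scandir(path) as entries:
                subdirs = [e for e in entries
                           if e.is_dir(follow_symlinks=False)]
        except OSError as exc:
            errors.append((path, exc.errno))
            continue
        for entry in subdirs:
            if depth + 1 > max_depth:
                # Past the threshold: record the owner and stop descending.
                try:
                    uid = entry.stat(follow_symlinks=False).st_uid
                except OSError as exc:
                    errors.append((entry.path, exc.errno))
                    continue
                findings.append((entry.path, uid))
            else:
                stack.append((entry.path, depth + 1))
    return findings, errors


def build_chain(base, levels):
    """Constructed sample input: base/d/d/.../d, 'levels' directories deep."""
    path = base
    for _ in range(levels):
        path = os.path.join(path, "d")
        os.mkdir(path)
    return path


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_chain(tmp, 60)                 # constructed test hierarchy
        for path, uid in find_deep_dirs(tmp, max_depth=50)[0]:
            print("uid", uid, "depth limit exceeded at", path)
```

The reported owner uid identifies which local account created the hierarchy; the threshold should be set well below the depth at which the site's cleanup tools are known to stop.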
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Solaris-denial-of-service-via-ZFS-9662