Vigil@nce: Solaris, denials of service of IP and STREAMS
October 2009 by Vigil@nce
A local attacker can generate a memory leak in the IP and STREAM
modules of the Solaris kernel.
– Severity: 1/4
– Consequences: denial of service of computer
– Provenance: user shell
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Number of vulnerabilities in this bulletin: 2
– Creation date: 01/10/2009
IMPACTED PRODUCTS
– OpenSolaris
– Sun Solaris
– Sun Trusted Solaris
DESCRIPTION OF THE VULNERABILITY
The Solaris kernel contains IP and STREAMS (network streams)
modules. Two vulnerabilities were announced in these
vulnerabilities.
When an error occurs during the handling of
M_DATA/M_PROTO/M_PCPROTO messages in the rts_wrw() function of the
uts/common/inet/ip/rts.c file, the "mp" pointer is not freed.
[grav:1/4; 6646890]
During the handling of M_SIG messages in the strgetmsg() and
kstrgetmsg() functions of the uts/common/os/streamio.c file, the
"bp" pointer is not freed. [grav:1/4; 6646366]
A local attacker can therefore generate a memory leak in the IP
and STREAM modules of the Solaris kernel, in order to
progressively use all available system memory, which leads to a
denial of service.
CHARACTERISTICS
– Identifiers: 263388, 6646366, 6646890, BID-36562,
VIGILANCE-VUL-9062
– Url: http://vigilance.fr/vulnerability/Solaris-denials-of-service-of-IP-and-STREAMS-9062