[Sun] Schwachstelle in der Sun Solaris IP Implementierung – 248026

[Sun] Schwachstelle in der Sun Solaris IP Implementierung - 248026

Von

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Liebe Kolleginnen und Kollegen,

soeben erreichte uns nachfolgendes Sun Security Advisory. Wir geben
diese Informationen unveraendert an Sie weiter.

6507173 – Denial of Service Schwachstelle in Sun Solaris

Die IP Implementierung in Sun Solaris enthaelt eine Schwachstelle beim
Oeffnen von Sockets. Durch einen Fehler bei der Ausfuehrung von 32 Bit
Anwendungen kann es dazu kommen, dass uebermaessig viele Sockets durch
die Anwendung geoeffnet werden. Dies kann zu einer Verknappung von
offenen Sockets fuehren und das Oeffnen von neuen IP-Verbindungen von
oder zum System verhindern. Ein Angreifer kann diese Schwachstelle
gezielt ausnutzen, um einen Denial of Service Angriff auf das System
durchzufuehren.

Betroffen sind die folgenden Software Pakete und Plattformen:

Solaris 8
Solaris 9
Solaris 10
OpenSolaris

SPARC Plattform
* Solaris 8 ohne Patch 116965-34
* Solaris 9 ohne Patch 114344-37
* Solaris 10 ohne Patch 138888-01
* OpenSolaris basierend auf den Builds snv_01 bis snv_81

x86 Plattform
* Solaris 8 ohne Patch 116966-33
* Solaris 9 ohne Patch 119435-25
* Solaris 10 ohne Patch 138889-01
* OpenSolaris basierend auf den Builds snv_01 bis snv_81

Vom Hersteller werden ueberarbeitete Pakete zur Verfuegung gestellt.

Hersteller Advisory:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-248026-1

(c) der deutschen Zusammenfassung bei DFN-CERT Services GmbH; die
Verbreitung, auch auszugsweise, ist nur unter Hinweis auf den Urheber,
DFN-CERT Services GmbH, und nur zu nicht kommerziellen Zwecken
gestattet.

Mit freundlichen Gruessen,
Michael Groening, DFN-CERT
– —

Michael Groening (Incident Response Team), +49 40 808077-555

DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-555
Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.: DE 232129737
Sachsenstrasse 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski

Automatische Warnmeldungen https://www.cert.dfn.de/autowarn

Solution Type Sun Alert
Solution 248026 : Security Vulnerability in the Solaris IP(7p)
Implementation, Related to Minor Number Allocation, may Lead to a
Denial of Service (DoS) Condition
Related Categories

* Home>Content>Sun Alert Criteria Categories>Security
* Home>Content>Sun Alert Release Phase>Resolved

Bug ID
6507173

Product
Solaris 8 Operating System
Solaris 9 Operating System
Solaris 10 Operating System
OpenSolaris

Date of Resolved Release
30-Jan-2009

SA Document Body
Security vulnerability in the Solaris IP(7p) implementation, related to minor n
umber allocation, may lead to a Denial of Service (DoS) condition:

1. Impact
Security vulnerability within the Solaris IP(7p) (Internet Protocol)
implementation related to the allocation of minor numbers may allow a
local unprivileged user to open a large number of sockets, thereby
resulting in a Denial of Service (DoS) condition to 32-bit
applications. Depending on the system configuration, this may in turn
affect the system as a whole, for example it may prevent new logins
from completing successfully.
2. Contributing Factors
This issue can occur in the following releases:
SPARC Platform
* Solaris 8 without patch 116965-34
* Solaris 9 without patch 114344-37
* Solaris 10 without patch 138888-01
* OpenSolaris based upon builds snv_01 through snv_81

x86 Platform
* Solaris 8 without patch 116966-33
* Solaris 9 without patch 119435-25
* Solaris 10 without patch 138889-01
* OpenSolaris based upon builds snv_01 through snv_81

Note 1: OpenSolaris distributions may include additional bug fixes
above and beyond the build from which it was derived. To determine the
base build of OpenSolaris, the following command can be used:
$ uname -v
snv_86

Note 2: This issue only impacts applications running in 32-bit mode.
To determine if an application is running in 32-bit mode, use the
file(1) command on the executable associated with the application, as
in the following example:
$file /usr/lib/inet/in.dhcpd
/usr/lib/inet/in.dhcpd: ELF 32-bit MSB executable SPARC Version 1, dynamica
lly linked, stripped

If the string “ELF 32-bit” is returned, it is a 32-bit application.
3. Symptoms
If the described issue occurs, users may not be able to login to the
system and certain network services may fail. For example, on systems
configured with NIS+(1), nis_cachemgr(1M) may fail with an error
message similar to the following:
nis_cachemgr: nis_cast: t_open: /dev/udp:Not enough space

Symptoms for other affected 32-bit applications will vary depending on
the application.
4. Workaround
There is no workaround for this issue. Please see the Resolution
section below.
5. Resolution
This issue is addressed in the following releases:
SPARC Platform
* Solaris 8 with patch 116965-34 or later
* Solaris 9 with patch 114344-37 or later
* Solaris 10 with patch 138888-01 or later
* OpenSolaris based upon builds snv_82 or later

x86 Platform
* Solaris 8 with patch 116966-33 or later
* Solaris 9 with patch 119435-25 or later
* Solaris 10 with patch 138889-01 or later
* OpenSolaris based upon builds snv_82 or later

For more information on Security Sun Alerts, see Technical Instruction
ID 213557.
This Sun Alert notification is being provided to you on an “AS IS”
basis. This Sun Alert notification may contain information provided by
third parties. The issues described in this Sun Alert notification may
or may not impact your system(s). Sun makes no representations,
warranties, or guarantees as to the information contained herein. ANY
AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION
WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR
NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT YOU
ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE OUT
OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN. This
Sun Alert notification contains Sun proprietary and confidential
information. It is being provided to you pursuant to the provisions of
your agreement to purchase services from Sun, or, if you do not have
such an agreement, the Sun.com Terms of Use. This Sun Alert
notification may only be used for the purposes contemplated by these
agreements.
Copyright 2000-2009 Sun Microsystems, Inc., 4150 Network Circle, Santa
Clara, CA 95054 U.S.A. All rights reserved.
Attachments
This solution has no attachment

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFJhvmKk0kIxZMiiQ8RAg3YAJ9i9evvaamNvgaieHcUV88ezWsR4ACglpi+
xtE+68FGEjIZ6s46yYnr58s=
=TVpB
—–END PGP SIGNATURE—–

© COMPUTEC MEDIA GmbH
Nach oben