TECHNICAL BULLETIN
| PROBLEM: | Solaris Kernel udp(7p) may Cause Certain Trusted Configurations of Solaris to Panic or Become Vulnerable to Triggered Panics Resulting in a Denial of Service (DoS) |
| PLATFORM: | Solaris 10 Operating System; OpenSolaris |
| ABSTRACT: | Unspecified vulnerability in the udp subsystem in the kernel in Sun Solaris 10, and OpenSolaris snv_90 through snv_108, when Solaris Trusted Extensions is enabled, allows remote attackers to cause a denial of service (panic) via unspecified vectors involving the crgetlabel function, related to a "TX panic." NOTE: this issue exists because of a regression in earlier kernel patches. |
| LINKS: | |
| DOE-CIRC BULLETIN: | http://www.doecirc.energy.gov/bulletins/t-176.shtml |
| OTHER LINKS: | NIST: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2297 |
| | Sun Microsystems: http://sunsolve.sun.com/search/document.do?assetkey=1-66-262048-1 |
| | http://sunsolve.sun.com/search/document.do?assetkey=1-21-141414-02-1 |
| CVE: | CVE-2009-2297 |
| IMPACT ASSESSMENT: | This risk is high. This issue may also allow remote or local unprivileged users to panic the system, thereby causing a Denial of Service (DoS) to the system as a whole. |
[***** Start CVE-2009-2297 *****]
Discussion:
Solaris Kernel udp(7p) may Cause Certain Trusted Configurations of Solaris to Panic or Become Vulnerable to Triggered Panics Resulting in a Denial of Service (DoS). Unspecified vulnerability in the udp subsystem in the kernel in Sun Solaris 10, and OpenSolaris snv_90 through snv_108, when Solaris Trusted Extensions is enabled, allows remote attackers to cause a denial of service (panic) via unspecified vectors involving the crgetlabel function, related to a "TX panic." NOTE: this issue exists because of a regression in earlier kernel patches.
This issue can occur in the following releases:
SPARC Platform
* Solaris 10 with patch 138888-03 or patch 139555-08 and without patch 141414-02
* OpenSolaris based upon builds snv_90 through snv_108
x86 Platform
* Solaris 10 with patch 138888-03 or patch 139555-08 and without patch 141415-04
* OpenSolaris based upon builds snv_90 through snv_108
Note: OpenSolaris distributions may include additional bug fixes above and beyond the build from which they were derived. The base build can be determined as follows:
    $ uname -v
    snv_101
Notes: Solaris 8 and 9 are not impacted by this issue.
This issue only impacts systems which have Solaris Trusted Extensions installed and running. To determine if Trusted Extensions is installed and running on a host, execute the following command as root in the global zone:
    # svcs labeld
    online 16:19:20 svc:/system/labeld:default
If Trusted Extensions is configured and running, the labeld service will have an instance in the online state.
Symptoms
If this issue occurs, the system may panic with a stack trace similar to the following:
    crgetlabel()
    ip_wput_local+0x561()
    ip_wput_ire+0x2bed()
    ip_output_options+0x3c7()
    udp_output_v4+0x442()
    udp_output+0x145()
    udp_wput_data+0xd1()
Certain systems may panic repeatedly, becoming unavailable until the resolution patches are applied and the system is rebooted.
Solution:
This issue is addressed in the following releases:
SPARC Platform
* Solaris 10 with patch 141414-02 or later
* OpenSolaris based upon builds snv_109 or later
x86 Platform
* Solaris 10 with patch 141415-04 or later
* OpenSolaris based upon builds snv_109 or later
Patch and updates:
http://sunsolve.sun.com/search/document.do?assetkey=1-21-141414-02-1
For more information on security Sun Alerts, see Technical Instruction ID 213557.
http://sunsolve.sun.com/search/document.do?assetkey=1-61-213557-1
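A triage check built from the conditions above, as an added example that is not part of the original bulletin: it classifies one host from captured `uname -p`, `uname -v`, `svcs labeld` and `showrev -p` output. The function names, result labels and sample input are constructed for illustration, and it assumes a later revision of a listed patch counts the same as the listed revision.

```shell
#!/bin/sh
# Added example (not from the bulletin): classify one host against the
# bulletin's conditions. Inputs are captured command output, so it runs offline.

# has_patch <showrev -p text> <patch id> <min revision>
# Assumption: a later revision of a listed patch counts like the listed one.
has_patch() {
    printf '%s\n' "$1" | awk -v id="$2" -v min="$3" '
        $1 == "Patch:" { split($2, p, "-"); if (p[1] == id && p[2] + 0 >= min + 0) hit = 1 }
        END { exit (hit ? 0 : 1) }'
}

# tx_udp_exposure <uname -p> <uname -v> <svcs labeld output> <showrev -p output>
# Prints: tx-not-running | fixed | affected | not-affected | unknown
tx_udp_exposure() {
    arch=$1; build=$2; svcs_out=$3; patches=$4
    # Only hosts with labeld online (Trusted Extensions running) are impacted.
    state=$(printf '%s\n' "$svcs_out" | awk '$NF ~ /labeld/ { print $1; exit }')
    [ "$state" = "online" ] || { echo tx-not-running; return 0; }
    case $build in
    snv_*)  # OpenSolaris: decide on the base build number (snv_111b -> 111)
        n=$(printf '%s\n' "${build#snv_}" | sed 's/[^0-9].*//')
        if [ -z "$n" ]; then echo unknown
        elif [ "$n" -ge 109 ]; then echo fixed
        elif [ "$n" -ge 90 ]; then echo affected
        else echo not-affected; fi
        return 0 ;;
    esac
    case $arch in   # Solaris 10: the fixing patch differs per platform
    sparc) fix=141414; rev=02 ;;
    i386)  fix=141415; rev=04 ;;
    *)     echo unknown; return 0 ;;
    esac
    if has_patch "$patches" "$fix" "$rev"; then echo fixed
    elif has_patch "$patches" 138888 03 || has_patch "$patches" 139555 08; then echo affected
    else echo not-affected; fi
}

# Constructed sample input in the formats of `svcs labeld` and `showrev -p`.
SAMPLE_SVCS='online 16:19:20 svc:/system/labeld:default'
SAMPLE_PATCHES='Patch: 139555-08 Obsoletes: Requires: Incompatibles: Packages: SUNWcsr'
tx_udp_exposure sparc Generic_139555-08 "$SAMPLE_SVCS" "$SAMPLE_PATCHES"
```

On a live host the four arguments would be `"$(uname -p)" "$(uname -v)" "$(svcs labeld 2>/dev/null)" "$(showrev -p)"`, run as root in the global zone.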
[***** End CVE-2009-2297 *****]
Voice: 866-941-2472
E-mail: doecirc@doecirc.energy.gov
World Wide Web: http://www.doecirc.energy.gov