Severity: 1/4

Consequences: denial of service of computer

Provenance: user shell

Means of attack: no proof of concept, no attack

Ability of attacker: expert (4/4)

Confidence: confirmed by the editor (5/5)

Diffusion of the vulnerable configuration: high (3/3)

Number of vulnerabilities in this bulletin: 2

Creation date: 19/06/2009

IMPACTED PRODUCTS

 OpenSolaris
 Sun Solaris

DESCRIPTION OF THE VULNERABILITY

The Event Port API provides functions to manage various kinds of events: TIMER, USER, ALERT, etc. Two denials of service impact Event Ports.

The port_associate_fd() function of the common/fs/portfs/port_fd.c file associates a file descriptor and an Event Port. This function does not correctly handle its lock, which blocks the system. [grav:1/4; 6736713]

The port_dissociate_fd() function of the common/fs/portfs/port_fd.c file dissociates a file descriptor and an Event Port. This function prematurely close resources associated to the file descriptor. [grav:1/4; 6790056]

A local attacker can therefore create an application using the Event Port with a race, in order to stop the system.

CHARACTERISTICS

Identifiers: 260449, 6736713, 6790056, VIGILANCE-VUL-8812 http://vigilance.fr/vulnerability/Solaris-denial-of-service-of-Event-Port-8812