Vigil@nce : Solaris, denial of service of picld
August 2008 by Vigil@nce
SYNTHESIS
An attacker can send requests to the picld daemon in order to
generate a denial of service.
Gravity : 1/4
Consequences : denial of service of the service
Provenance : user shell
Means of attack : no proof of concept, no attack
Ability of attacker : expert (4/4)
Confidence : confirmed by the editor (5/5)
Diffusion of the vulnerable configuration : high (3/3)
Creation date : 31/07/2008
Identifier : VIGILANCE-VUL-7983
IMPACTED PRODUCTS
– OpenSolaris [confidential versions]
– Sun Solaris [confidential versions]
– Sun Trusted Solaris [confidential versions]
DESCRIPTION
PICL (Platform Information and Control Library) consists of a
"picld" daemon and a "libpicl" API. This service can be used to
obtain information about the computer.
The prtdiag, prtpicl and prtfru commands are compiled with libpicl.
When the user runs these commands, the libpicl API sends requests
to the daemon.
The prtdiag, prtpicl and prtfru commands cause a door creation
function to be called (a door is a handle used to access a
resource). When the door_create function fails, for example if
resources are exhausted, the lock is not freed. The daemon thus
keeps this lock and blocks access for other threads.
An attacker can therefore send requests to the picld daemon in
order to generate a denial of service.
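The flaw described above (an error path that returns without
releasing a lock), shown next to a corrected form. This is an added
example, not picld source code: svc_lock, create_door_stub and the
setup_door_* functions are hypothetical names, a pthread mutex stands
in for the daemon's lock, and the stub simulates a door_create failure.

```c
#include <pthread.h>
#include <stdio.h>

/* Hypothetical stand-in for the daemon's lock (not picld's real name). */
static pthread_mutex_t svc_lock = PTHREAD_MUTEX_INITIALIZER;

/* Stand-in for door_create(): -1 simulates failure, 3 is a constructed value. */
static int create_door_stub(int exhausted)
{
    return exhausted ? -1 : 3;
}

/* Flawed pattern: the error path returns with svc_lock still held. */
int setup_door_leaky(int exhausted)
{
    pthread_mutex_lock(&svc_lock);
    int fd = create_door_stub(exhausted);
    if (fd < 0)
        return -1;                 /* lock is never released */
    pthread_mutex_unlock(&svc_lock);
    return fd;
}

/* Corrected pattern: the lock is released on every path. */
int setup_door_fixed(int exhausted)
{
    pthread_mutex_lock(&svc_lock);
    int fd = create_door_stub(exhausted);
    pthread_mutex_unlock(&svc_lock);
    return fd;
}

/* 1 if another caller could take svc_lock now, 0 if it is stuck. */
int lock_is_available(void)
{
    if (pthread_mutex_trylock(&svc_lock) != 0)
        return 0;
    pthread_mutex_unlock(&svc_lock);
    return 1;
}

int main(void)
{
    setup_door_fixed(1);
    printf("fixed, after failure: available=%d\n", lock_is_available());
    setup_door_leaky(1);
    printf("leaky, after failure: available=%d\n", lock_is_available());
    return 0;
}
```

When reviewing similar code, check that every return after the lock
is taken passes through the matching unlock.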
CHARACTERISTICS
Identifiers : 239728, 6547926, VIGILANCE-VUL-7983