Vigil@nce: penSolaris, denial of service of posix_fallocate
January 2009 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
A local attacker can call posix_fallocate() in order to panic the
system.
Gravity: 1/4
Consequences: denial of service of computer
Provenance: user shell
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 15/01/2009
IMPACTED PRODUCTS
– OpenSolaris
DESCRIPTION OF THE VULNERABILITY
The posix_fallocate() system call is used to ensure there is
sufficient free space on the file system to write to a file:
int posix_fallocate(int fd, off_t offset, off_t len);
Under OpenSolaris, it is implemented in usr/src/lib/libc/port/gen/posix_fallocate.c.
However, posix_fallocate() calls fcntl() which does not check if
the "fd" file descriptor is a regular file, which creates an error.
A local attacker can therefore call posix_fallocate() with a
special file descriptor in order to panic the system.
CHARACTERISTICS
Identifiers: 239188, 6669199, BID-33267, VIGILANCE-VUL-8394
http://vigilance.fr/vulnerability/OpenSolaris-denial-of-service-of-posix-fallocate-8394