X

The Third Party Vulnerability Resolution Blog covers CVEs and patches in Systems product suite.

Sun Alert 254628 Security Vulnerabilities in the UFS File System Relating to ufs_getpage() and ufs_putpage() Routines May Allow a Local User to Hang or Panic the System

Guest Author
Product: Solaris 10 Operating System OpenSolaris
Several vulnerabilities in the UFS file system involving the ufs_getpage()
and ufs_putapage() routines may lead to a system hang or a system panic.
The specific impact for each of the issues are as follows:

CR 6442712
A local unprivileged user may be able to cause all writes to a UFS
filesystem to hang on x86 systems running OpenSolaris builds snv_39
through snv_45 in 64-bit mode. This can then prevent applications and
commands from succeeding which is a type of Denial of Service (DoS). In
addition, if the root (/) filesystem is UFS then this may lead to a system
hang which is a type of Denial of Service (DoS).

CR 6425723
A local unprivileged user may be able to cause all writes to a UFS
filesystem to hang on SPARC sun4v systems running Solaris 10 with patch
138888-01 or later and without patch 139483-05 or OpenSolaris builds
snv_47 through snv_85. This can then prevent applications and
commands from succeeding which is a type of Denial of Service (DoS). In
addition, if the root (/) filesystem is UFS then this may lead to a system
hang which is a type of Denial of Service (DoS).

CR 6679732
A local unprivileged user may be able to panic x86 systems running
OpenSolaris builds snv_86 through snv_91 in 32-bit mode with at least one
UFS filesystem present.


State: Resolved
First released: 16-Mar-2009

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.