Vulnerabilities > CVE-2009-0926 - Resource Management Errors vulnerability in SUN Opensolaris and Solaris
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
COMPLETE Summary
Unspecified vulnerability in the UFS filesystem functionality in Sun OpenSolaris snv_86 through snv_91, when running in 32-bit mode on x86 systems, allows local users to cause a denial of service (panic) via unknown vectors related to the (1) ufs_getpage and (2) ufs_putapage routines, aka CR 6679732.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 34137 CVE(CAN) ID: CVE-2009-0924,CVE-2009-0925,CVE-2009-0926 Solaris是一款由Sun开发和维护的商业UNIX操作系统。 Solaris系统UFS文件系统中有关ufs_getpage()和ufs_putpage()例程的安全漏洞可能导致系统挂起或忙碌,每个漏洞的具体影响如下: CR 6442712 在以64位模式运行OpenSolaris snv_39到snv_45的x86系统上,本地非特权用户可以导致所有对UFS文件系统的写入挂起,之后无法继续运行应用程序和命令;此外,如果root(/)文件系统为UFS,还可以导致系统挂起。 CR 6425723 在SPARC sun4v系统上,如果所运行的Solaris 10安装了138888-01补丁或之后版本且没有安装139483-05补丁,或在运行OpenSolaris snv_47到snv_85,则本地非特权用户可以导致所有对UFS文件系统的写入挂起,之后无法继续运行应用程序和命令,这是一种拒绝服务;此外,如果root(/)文件系统为UFS,还可以导致系统挂起。 CR 6679732 如果x86系统在以32位模式运行OpenSolaris snv_86到snv_91且至少存在一个UFS文件系统,则本地非特权用户可以导致忙碌。 当出现6442712和6425723漏洞时,挂起的内核线程栈类似于: bmap_write+0x50() ufs_getpage+0x438() fop_getpage+0x44() segmap_getmapflt+0x588() wrip+0x63c() ufs_write+0x580() fop_write+0x20() write+0x268() syscall_trap32+0xcc() 6679732忙碌漏洞栈类似于: vcmn_err+16() real_panic_v+10c() ufs_fault_v+104() ufs_fault+3a() ufs_putapage+596() ufs_putpages+2a9() ufs_putpage+16c() fop_putpage+49() segmap_release+2da() wrip+8d4() ufs_write+4d2() fop_write+4a() 并生成以下形式的忙碌消息: ufs_putapage: bn == UFS_HOLE Sun Solaris 10.0 Sun OpenSolaris 临时解决方法: 如果您不能立刻安装补丁或者升级,NSFOCUS建议您采取以下措施以降低威胁: * 向/etc/system文件添加以下项并重启系统: set segmap_kpm = 0x0 厂商补丁: Sun --- Sun已经为此发布了一个安全公告(Sun-Alert-254628)以及相应补丁: Sun-Alert-254628:Security Vulnerabilities in the UFS File System Relating to ufs_getpage() and ufs_putpage() Routines May Allow a Local User to Hang or Panic the System 链接:<a href=http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-66-254628-1 target=_blank rel=external nofollow>http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-66-254628-1</a> |
| id | SSV:4939 |
| last seen | 2017-11-19 |
| modified | 2009-03-23 |
| published | 2009-03-23 |
| reporter | Root |
| title | Sun Solaris UFS文件系统多个本地拒绝服务漏洞 |
References
- http://secunia.com/advisories/34331
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-254628-1
- http://support.avaya.com/elmodocs2/security/ASA-2009-103.htm
- http://www.securityfocus.com/bid/34137
- http://www.securitytracker.com/id?1021850
- http://www.vupen.com/english/advisories/2009/0742
- http://www.vupen.com/english/advisories/2009/0876
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49283