14 September, 2009
| Document Audience: | PUBLIC |
| Document ID: | 266228 |
| Title: | Security Vulnerability in lx Branded Zones May Result in Denial of Service (DoS) |
| Copyright Notice: | Copyright © 2009 Sun Microsystems, Inc. All Rights Reserved |
| Update Date: | Wed Sep 09 00:00:00 MDT 2009 |
Solution Type: Sun Alert
Solution 266228: Security Vulnerability in lx Branded Zones May Result in Denial of Service (DoS)
Bug ID: 6818191
Product: Solaris 10 Operating System, OpenSolaris
Date of Resolved Release: 09-Sep-2009
SA Document Body
1. Impact
A security vulnerability in lx branded zones may allow a local unprivileged user to panic a Solaris x86 Intel-based system running in 64-bit mode, which is a type of Denial of Service (DoS).
2. Contributing Factors
This issue can occur in the following releases:
x86 Platform
- Solaris 10 with patch 120012-14 and without patch 141415-10
- OpenSolaris based upon builds snv_49 through snv_117
Notes:
1. Solaris 8 and 9 and Solaris on the SPARC platform are not impacted by this issue.
2. This issue only affects Intel-based systems running in 64-bit mode. amd64 machines are not impacted by this issue. To determine if a system is Intel-based, the following command can be run:
$ psrinfo -vp
x86 (GenuineIntel 10676 family 6 model 23 step 6 clock 3166 MHz)
Intel(r) Core(tm)2 Duo CPU E8500 @ 3.16GHz
$ isainfo -b
64
$ zoneadm list -v
ID NAME STATUS PATH BRAND IP
0 global running / native shared
1 lx-zone running /zones/lx-zone lx shared
$ uname -v
snv_86
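The four outputs above can be combined into one triage verdict. The script below is an added example, not part of the Sun Alert: it covers only the OpenSolaris snv_ build range (Solaris 10 patch levels are left for manual comparison), and its function names and verdict strings are hypothetical. It assumes that an lx zone in the `zoneadm` listing is what marks a host as exposed, which the listing above implies but the text does not state.

```shell
#!/bin/sh
# Added example, not Sun's code. Classifies a host from the captured output of
# psrinfo -vp, isainfo -b, zoneadm list -v and uname -v (the commands above).
# Covers OpenSolaris snv_ builds only; Solaris 10 patch levels are deferred.

# build_state BUILD -> affected | resolved | unlisted | not-snv
build_state() {
    case "$1" in
        snv_*) n=${1#snv_} ;;
        *) echo not-snv; return ;;
    esac
    case "$n" in ''|*[!0-9]*) echo not-snv; return ;; esac
    if [ "$n" -ge 118 ]; then echo resolved
    elif [ "$n" -ge 49 ]; then echo affected
    else echo unlisted
    fi
}

# lx_zones ZONEADM_OUTPUT -> comma-separated names of zones whose BRAND is lx
lx_zones() {
    printf '%s\n' "$1" | awk 'NR > 1 && $5 == "lx" { printf "%s%s", sep, $2; sep = "," }'
}

# assess PSRINFO ISAINFO ZONEADM UNAME -> one verdict line
assess() {
    case "$1" in *GenuineIntel*) ;; *) echo "not-affected: CPU is not Intel"; return ;; esac
    [ "$2" = 64 ] || { echo "not-affected: not running in 64-bit mode"; return; }
    state=$(build_state "$4")
    zones=$(lx_zones "$3")
    case "$state" in
        resolved) echo "resolved: $4 is snv_118 or later" ;;
        unlisted) echo "unlisted: $4 predates snv_49" ;;
        not-snv)  echo "check-patches: compare installed patches with 120012-14 and 141415-10" ;;
        affected)
            # Assumption: an lx zone in the listing marks the host as exposed;
            # the page shows this listing but does not state the rule.
            if [ -n "$zones" ]; then echo "affected: $4, lx zones: $zones"
            else echo "affected-build: $4, no lx zone listed"
            fi ;;
    esac
}

# Constructed sample input, copied from the outputs shown above.
SAMPLE_PSR='x86 (GenuineIntel 10676 family 6 model 23 step 6 clock 3166 MHz)'
SAMPLE_ZONES='ID NAME STATUS PATH BRAND IP
0 global running / native shared
1 lx-zone running /zones/lx-zone lx shared'
assess "$SAMPLE_PSR" 64 "$SAMPLE_ZONES" snv_86
```

On a live host, pass the real command output instead, for example `assess "$(psrinfo -vp)" "$(isainfo -b)" "$(zoneadm list -v)" "$(uname -v)"`.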
3. Symptoms
Should the described issue occur, the system will panic with output similar to the following:
panic[cpu0]/thread=ffffff02e58edac0:
BAD TRAP: type=8 (#df Double fault) rp=fffffffffbc36db0 addr=0
zsh:
#df Double fault
pid=4702, pc=0xfffffffffb852019, sp=0xffffff00104a0f60, eflags=0x10086
cr0: 8005003b<pg,wp,ne,et,ts,mp,pe> cr4: 6f8<xmme,fxsr,pge,mce,pae,pse,de>
cr2: ffffff00104a0f58
cr3: 1efe18000
cr8: c
rdi: fec44480 rsi: fedb2a00 rdx: febc18f5
rcx: 4b r8: fffffffffbc4db30 r9: ffffff02d4569580
rax: 3fb28f5b30 rbx: fec40000 rbp: ffffff00104a1050
r10: fecff3db2a00ffff r11: ffffff02e58edac0 r12: 0
r13: 0 r14: ffffff02eb2db1e0 r15: 3fb28f5b30
fsb: 0 gsb: fffffffffbc2dff0 ds: 4b
es: 4b fs: 0 gs: 1c3
trp: 8 err: 0 rip: fffffffffb852019
cs: 30 rfl: 10086 rsp: ffffff00104a0f60
ss: 38
tss.tss_rsp0: 0xffffff00104a6000
tss.tss_rsp1: 0x0
tss.tss_rsp2: 0x0
tss.tss_ist1: 0xfffffffffbc36ea0
tss.tss_ist2: 0x0
tss.tss_ist3: 0x0
tss.tss_ist4: 0x0
tss.tss_ist5: 0x0
tss.tss_ist6: 0x0
tss.tss_ist7: 0x0
fffffffffbc36c90 unix:die+10f ()
fffffffffbc36da0 unix:trap+152c ()
ffffff00104a1050 unix:bcopy_ck_size+73d8 ()
ffffff00104a1140 unix:cmntrap+c5 ()
ffffff00104a1230 unix:cmntrap+c5 ()
...
4. Workaround
There is no workaround for this issue. Please see the Resolution section below.
5. Resolution
This issue is addressed in the following releases:
x86 Platform
- Solaris 10 with patch 141415-10 or later
- OpenSolaris based upon builds snv_118 or later
