|Title:||A Security Vulnerability in the USB Mouse STREAMS Module May Lead to a System Panic|
|Copyright Notice:||Copyright © 2008 Sun Microsystems, Inc. All Rights Reserved|
|Update Date:||Tue Feb 05 00:00:00 MST 2008|
Solution Type Sun Alert
Solution 201316 : A Security Vulnerability in the USB Mouse STREAMS Module May Lead to a System Panic
Solaris 9 Operating System Solaris 10 Operating SystemDate of Resolved Release
05-FEB-2008SA Document Body
A Security Vulnerability in the USB Mouse STREAMS Module May Lead to a System Panic (see details below)
A security vulnerability in the USB Mouse STREAMS module (usbms(7M)) may allow a local unprivileged user to panic the system. This is a type of Denial of Service (DoS).
2. Contributing Factors
This issue can occur in the following releases:
Note: Solaris 8 is not impacted by this issue.
$ isainfo -bThis issue only affects systems which have a USB mouse connected. To determine if a USB mouse is connected to the system, the following command can be run:
$ cfgadm | grep usb-mouse || echo "System not impacted"
If the described issue occurs, the system may panic with a panic string similar to the following:
BAD TRAP: type=e (#pf Page fault) rp=fffffe8000a4a970 addr=100000027
occurred in module "genunix" due to an illegal access to a user address
And a stack trace similar to the following:
There is no workaround for this issue. Please see the Resolution section below.
Copyright 2000-2008 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.