Secunia Security Advisory - Sun has acknowledged a vulnerability in Sun Solaris, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
3d91655fa2393c0db845b654ddc0d6d4a86ef4f991a49d1ad0b87b8cbd7b0f8f
----------------------------------------------------------------------
Secunia is pleased to announce the release of the annual Secunia
report for 2008.
Highlights from the 2008 report:
* Vulnerability Research
* Software Inspection Results
* Secunia Research Highlights
* Secunia Advisory Statistics
Request the full 2008 Report here:
http://secunia.com/advisories/try_vi/request_2008_report/
Stay Secure,
Secunia
----------------------------------------------------------------------
TITLE:
Sun Solaris DTrace ioctl Handlers Denial of Service
SECUNIA ADVISORY ID:
SA34836
VERIFY ADVISORY:
http://secunia.com/advisories/34836/
DESCRIPTION:
Sun has acknowledged a vulnerability in Sun Solaris, which can be
exploited by malicious, local users to cause a DoS (Denial of
Service).
The vulnerability is caused due to an unspecified error within the
DTrace ioctl handlers, which can be exploited to cause a system
panic.
Successful exploitation requires that the SUNWdtrp package is
installed.
The vulnerability is reported in Solaris 10 for the SPARC and x86
platform and OpenSolaris based upon builds snv_01 through snv_113.
SOLUTION:
A final resolution for Solaris 10 is pending. As a workaround, the
vendor recommends to restrict access to vulnerable devices (see
vendor's advisory for additional information).
OpenSolaris:
Fixed in OpenSolaris based upon builds snv_114 or later.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Neil Kettle.
ORIGINAL ADVISORY:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-257708-1
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------