Sun Solaris /dev/poll NULL Pointer Dereference Local Denial of Service Vulnerability
Published: 2002-07-05
Updated: 2002-07-15
Affected systems:
Sun Solaris 8.0_x86
Sun Solaris 8.0
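Description:
BUGTRAQ ID:
5171
Solaris is a UNIX operating system developed by Sun Microsystems.
Solaris has a vulnerability in its handling of the /dev/poll device; a local attacker can exploit it to cause a kernel fault.
A local unprivileged user can use the /dev/poll device to make the kernel fault while it attempts to dereference a NULL pointer. The same problem also occurs if the default libthread is used. When the kernel fault occurs, messages similar to the following can be found in /var/adm/messages: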
[...] unix: [ID 340138 kern.notice] BAD TRAP: type=31 rp=... addr=0 mmu_fsr=0
occurred in module "unix" due to a NULL pointer dereference
[...] unix:die+80 (31, 0, 10414f78, 0, 2a10080b730, d25a0000)
[...] unix:trap+8b8 (0, 1, 5, 0, 2a10080b730, 0)
[...] unix:sfmmu_tsb_miss+640 (104286e0, 0, 30000209f88, 0, 30000209f88, 19)
[...] unix:prom_rtt+0 (0, 0, 1045a000, 2a10080bec0, 0, ffbef9dd)
[...] genunix:sigwaiting_send+54 (0, 0, 0, 30001d70ad8, 3, 30001d7f1b0)
[...] genunix:schedctl_block+64 (30001b02f40, 30001d714f0, 0, 30001d70ad8,
30001d70ad8, 2a10080bba0) )
<*Source: Sun Alert Notification
Link:
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F45300&zone_32=45300
*>
Recommendation:
Vendor patch:
Sun
---
Sun has released a security bulletin (45300) and corresponding patches for this issue:
45300:The Use of "/dev/poll" May Panic a System
Link:
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/45300&type=0&nav=sec.sba
Patch download:
SPARC
Solaris 8 with patch 108528-15 or later
http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=108528&rev=15
Intel
Solaris 8 with patch 108529-15 or later
http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=108529&rev=15
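
A patch-level check for the fix listed above, as an added example that is not part of the original advisory or of Sun's tooling. It assumes patch inventory text in the `Patch: <id>-<rev> ...` layout printed by `showrev -p`, fed on stdin to a POSIX shell; the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide whether a Solaris 8 host carries the /dev/poll fix
# (108528-15 on SPARC, 108529-15 on Intel, or any later revision).
# Input is `showrev -p`-style text on stdin; the samples below are constructed.

# patch_at_least BASE MINREV: exit 0 if stdin lists BASE-NN with NN >= MINREV
patch_at_least() {
    awk -v base="$1" -v min="$2" '
        $1 == "Patch:" {
            split($2, p, "-")
            if (p[1] == base && p[2] + 0 >= min + 0) found = 1
        }
        END { exit(found ? 0 : 1) }'
}

# required_patch ARCH: print the base patch id the advisory names for ARCH
required_patch() {
    case "$1" in
        sparc) echo 108528 ;;
        i386)  echo 108529 ;;
        *)     return 1 ;;
    esac
}

# check_host ARCH: print "patched" or "vulnerable" for the inventory on stdin
check_host() {
    base=$(required_patch "$1") || { echo "unknown-arch"; return 2; }
    if patch_at_least "$base" 15; then echo "patched"; else echo "vulnerable"; fi
}

# Constructed sample inventories (not taken from a real host);
# 999999-01 is a placeholder patch id.
SAMPLE_OLD='Patch: 108528-13 Obsoletes: Requires: Incompatibles: Packages: SUNWcsu, SUNWcsr
Patch: 999999-01 Obsoletes: Requires: Incompatibles: Packages: SUNWcsu'
SAMPLE_NEW='Patch: 108528-13 Obsoletes: Requires: Incompatibles: Packages: SUNWcsu
Patch: 108528-29 Obsoletes: Requires: Incompatibles: Packages: SUNWcsu, SUNWcsr'

printf '%s\n' "$SAMPLE_OLD" | check_host sparc   # vulnerable
printf '%s\n' "$SAMPLE_NEW" | check_host sparc   # patched
```

For a fleet, collect each host's `showrev -p` output and `uname -p` value, then pipe the inventory into `check_host` with that architecture string.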