Sun Solaris Kernel Deadlock Crash Under Heavy Load Vulnerability

Published: 2003-06-26
Updated: 2003-07-02

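Affected systems:
Sun Solaris 8.0_x86
Sun Solaris 8.0
Description:
BUGTRAQ ID: 8054

Solaris is a commercial UNIX operating system developed and maintained by Sun Microsystems.

The Solaris 8.0 kernel can crash when the system is under heavy load. A local attacker can trigger this vulnerability by creating a deadlock condition.

When the system crashes or hangs, the kernel stack trace looks similar to the following: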

    unix: swtch ()
    genunix: turnstile_block+0x60c (0x300157805e0,0x0, ...
    unix: mutex_vector_enter+0x374 (0x10425218,0x10419288, ...
    unix: mutex_enter ()
    unix: page_relocate_hash+0x5c (0x10428288,0x10425218, ...
    unix: platform_page_relocate+0x194 (0x31042af91a0,...
    unix: page_get_contig_pages+0x174 (0x0,0x18,0x0,0x31042af91a0,0x0,0x10b)
    unix: page_get_mnode_freelist+0x328 (0x0,0x0,0x0,0x0,0x0,0x0)
    unix: page_get_freelist ()
    genunix: anon_map_getpages+0x1a0 (0x200,0x10059034,0x400000, ...
    genunix: segspt_create+0x190 (0x5c00,0x2a1013ab818,0x300296bfe18, ...
    genunix: as_map+0x160 (0x10413800,0x300296bfe18,0x30015d1ccc8, ...
    genunix: sptcreate+0x80 (0x30015d1cc98,0x30028b0b1b8,0x30028b0b1b8, ...
    shmsys: shmat+0x5bc (0x104ab800,0x0,0x30000c70948,0x23,0x2a1013aba38, ...
    shmsys: shmsys+0x60 (0x0,0x23,0x0,0x4000,0x0,0x3aa1c)
    genunix: indir+0xa4 (0x1044a240,0x0,0x23,0x0,0x4000,0x0)
    unix: syscall_trap32+0xa8 (0x34,0x0,0x23,0x0,0x4000,0x0)    

No specific details of the vulnerability are available at this time.

<*Source: Sun(sm) Alert Notification

  Link: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F53584
*>

Recommendation:
Vendor patch:

Sun
---
The vendor has released upgrade patches that fix this security issue. Download them from the vendor's site:

Sun Solaris 8.0_x86:

Sun Patch 108529-21
http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=108529&rev=21

Sun Solaris 8.0:

Sun Patch 108528-21
http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=108528&rev=21
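
To confirm that a host is at the fixed patch level listed above, the following added example (not part of the original advisory or of any Sun tooling) parses `showrev -p` output and checks for patch 108528 or 108529 at revision 21 or later. The function names are hypothetical, the sample input is constructed, and the check assumes later revisions of the same patch ID also carry the fix.

```shell
#!/bin/sh
# Added example: audit `showrev -p` output for the fixed patch level in this advisory.
# Installed patches are reported one per line, e.g.
#   Patch: 108528-19 Obsoletes: ... Requires: ... Incompatibles: Packages: SUNWcsu, ...

FIXED_REV=21   # from the advisory: 108528-21 (Solaris 8.0), 108529-21 (Solaris 8.0_x86)

# Map `uname -p` output to the advisory's patch ID for that platform.
patch_for_arch() {
    case "$1" in
        sparc) echo 108528 ;;
        i386)  echo 108529 ;;
        *)     return 1 ;;
    esac
}

# Print the highest installed revision of patch ID $1 (nothing if absent).
highest_rev() {
    awk -v id="$1" '
        BEGIN { max = -1 }
        $1 == "Patch:" {
            n = split($2, p, "-")
            if (n == 2 && p[1] == id && p[2] + 0 > max) max = p[2] + 0
        }
        END { if (max >= 0) print max }'
}

# Read `showrev -p` output on stdin; return 0 only if patch $1 is at revision >= $2.
check_patch() {
    rev=$(highest_rev "$1")
    if [ -z "$rev" ]; then
        echo "VULNERABLE: patch $1 not installed (need $1-$2 or later)"; return 1
    elif [ "$rev" -lt "$2" ]; then
        echo "VULNERABLE: patch $1-$rev installed (need $1-$2 or later)"; return 1
    fi
    echo "OK: patch $1-$rev installed"
}

# Constructed sample input (not taken from a real host; 999999 is a placeholder ID).
sample_showrev() {
    cat <<'EOF'
Patch: 108528-13 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu, SUNWcsr
Patch: 999999-01 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu
Patch: 108528-19 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu, SUNWcar
EOF
}

if command -v showrev >/dev/null 2>&1; then
    showrev -p | check_patch "$(patch_for_arch "$(uname -p)")" "$FIXED_REV"
else
    sample_showrev | check_patch 108528 "$FIXED_REV" || true   # demo on sample data
fi
```

On Solaris 8 itself, run it with a POSIX shell and awk (for example /usr/xpg4/bin/sh with /usr/xpg4/bin ahead of /usr/bin in PATH), since the stock /usr/bin/awk does not accept `-v`.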

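This vulnerability entry was translated and compiled by NSFOCUS (绿盟科技). All rights reserved; reproduction without permission is prohibited.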