Executive Summary

Summary
Title Sun Alert 102947 A Security Vulnerability Resulting From Solaris 10 fcp(7D) and devfs(7FS) Interaction May Allow Certain File Operations to Cause a System Hang
Informations
Name SUN-102947 First vendor Publication 2007-11-29
Vendor Sun Last vendor Modification 2007-11-29
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:N/I:N/A:C)
Cvss Base Score 4.7 Attack Range Local
Cvss Impact Score 6.9 Attack Complexity Medium
Cvss Expoit Score 3.4 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Product: Solaris 10 Operating System

A security vulnerability with Fibre Channel Protocol driver (fcp(7D)) and Devices File System (devfs(7FS)) in Solaris 10 may allow a local unprivileged user to cause commands such as cfgadm(1M) or format(1M) to hang when run, or cause the system as a whole to hang. This is a type of denial of service (DoS) to the system.

Note: This issue may also occur accidentally and not as a result of a Denial of Service attempt.

Avoidance: Patch
State: Resolved
First released: 29-Nov-2007

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_102947_a_security

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-362 Race Condition

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 1
Os 1

Open Source Vulnerability Database (OSVDB)

Id Description
40827 Solaris fcp / devfs cfgadm Local Race Condition DoS

40826 Solaris fcp / devfs format Local Race Condition DoS