Executive Summary

Summary
Title Sun Alert 233921 A Security Vulnerability in Floating Point Context Switch Implementation May Result in a Denial of Service (DoS) or Data Integrity Issues
Informations
Name SUN-233921 First vendor Publication 2008-04-03
Vendor Sun Last vendor Modification 2008-04-03
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:N/I:C/A:C)
Cvss Base Score 6.6 Attack Range Local
Cvss Impact Score 9.2 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Product: Solaris 9 Operating System, Solaris 10 Operating System

There are four issues that may occur with this Bug:

1.?? A security vulnerability in the Solaris floating point context switch implementation may allow a local unprivileged user to cause an arbitrary application running on the system to exit, resulting in a Denial of Service (DoS) to that application. It is not possible to target a particular application on the system to terminate.

2. An application executing floating point operations on the system may get incorrect results due to data corruption.

3.?? An application, on invoking signal handlers under certain conditions, may cause an arbitrary application running on the system to get incorrect results leading to data integrity issues. It is not possible to target a particular application to lead to incorrect results.

4. An application on Solaris 10 using libc(3LIB) functions memcpy(3C) or memset(3C) or memmove(3C) may get incorrect results, leading to data integrity issues.

State: Resolved
First released: 03-Apr-2008
Sun Alert Link:http://sunsolve.sun.com/search/document.do?assetkey=1-66-233921-1

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_233921_a_security

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-16 Configuration

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:4950
 
Oval ID: oval:org.mitre.oval:def:4950
Title: A Security Vulnerability in Floating Point Context Switch Implementation May Result in a Denial of Service (DoS) or Data Integrity Issues
Description: Unspecified vulnerability in the floating point context switch implementation in Sun Solaris 9 and 10 on x86 platforms might allow local users to cause a denial of service (application exit), corrupt data, or trigger incorrect calculations via unknown vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2008-1778
 Version: 1
Platform(s): Sun Solaris 9
Sun Solaris 10
 Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 2

Open Source Vulnerability Database (OSVDB)

Id Description
44366 Solaris Floating Point Context Switch Multiple Method Local DoS

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2013-02-06 19:08:14
  • Multiple Updates