Executive Summary

Summary
Title Sun Alert 249586 Security Vulnerability in the Solaris Pseudo-terminal Driver (pty(7D)) may Cause a System Panic
Informations
Name SUN-249586 First vendor Publication 2009-01-22
Vendor Sun Last vendor Modification 2009-01-22
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score 4.9 Attack Range Local
Cvss Impact Score 6.9 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Product: Solaris 8 Operating System Solaris 9 Operating System Solaris 10 Operating System OpenSolaris

A race condition security vulnerability in the Solaris pseudo-terminal driver (pty(7D)) module may allow a local unprivileged user to panic the system causing a Denial of Service (DoS).

State: Resolved
First released: 22-Jan-2009
Sun Alert Link:http://sunsolve.sun.com/search/document.do?assetkey=1-66-249586-1

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_249586_security_vulnerability

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-362 Race Condition

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:6061
 
Oval ID: oval:org.mitre.oval:def:6061
Title: Security Vulnerability in the Solaris Pseudo-terminal Driver (pty(7D)) may Cause a System Panic
Description: Race condition in the pseudo-terminal (aka pty) driver module in Sun Solaris 8 through 10, and OpenSolaris before snv_103, allows local users to cause a denial of service (panic) via unspecified vectors related to lack of "properly sequenced code" in ptc and ptsl.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0268
 Version: 1
Platform(s): Sun Solaris 8
Sun Solaris 9
Sun Solaris 10
 Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 327
Os 6

OpenVAS Exploits

Date Description
2009-06-03 Name : Solaris Update for logindmux, ptsl, ms, bufmod, llc1, kb, zs, zsh, ptem 1136...
File : nvt/gb_solaris_113685_07.nasl
2009-06-03 Name : Solaris Update for logindmux/llc1/ptsl/bufmod/ptem 113686-06
File : nvt/gb_solaris_113686_06.nasl
2009-06-03 Name : Solaris Update for ptsl 140426-01
File : nvt/gb_solaris_140426_01.nasl
2009-06-03 Name : Solaris Update for ptsl 140427-01
File : nvt/gb_solaris_140427_01.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
52541 Solaris Pseudo-terminal (aka pty) Driver Module Unspecified Local DoS

Solaris contains a flaw that may allow a local denial of service. The issue is triggered by an unspecified race condition in the pty driver module, and will result in loss of availability for the platform.

Nessus® Vulnerability Scanner

Date Description
2009-02-02 Name : The remote host is missing Sun Security Patch number 140426-01
File : solaris9_140426.nasl - Type : ACT_GATHER_INFO
2009-02-02 Name : The remote host is missing Sun Security Patch number 140427-01
File : solaris9_x86_140427.nasl - Type : ACT_GATHER_INFO
2004-07-12 Name : The remote host is missing Sun Security Patch number 113685-07
File : solaris8_113685.nasl - Type : ACT_GATHER_INFO
2004-07-12 Name : The remote host is missing Sun Security Patch number 113686-06
File : solaris8_x86_113686.nasl - Type : ACT_GATHER_INFO