Executive Summary

Summary
Title Sun Alert 254628 Security Vulnerabilities in the UFS File System Relating to ufs_getpage() and ufs_putpage() Routines May Allow a Local User to Hang or Panic the System
Informations
Name SUN-254628 First vendor Publication 2009-03-16
Vendor Sun Last vendor Modification 2009-03-16
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score 4.9 Attack Range Local
Cvss Impact Score 6.9 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Product: Solaris 10 Operating System OpenSolaris
Several vulnerabilities in the UFS file system involving the ufs_getpage()
and ufs_putapage() routines may lead to a system hang or a system panic.
The specific impact for each of the issues are as follows:

CR 6442712
A local unprivileged user may be able to cause all writes to a UFS
filesystem to hang on x86 systems running OpenSolaris builds snv_39
through snv_45 in 64-bit mode. This can then prevent applications and
commands from succeeding which is a type of Denial of Service (DoS). In
addition, if the root (/) filesystem is UFS then this may lead to a system
hang which is a type of Denial of Service (DoS).

CR 6425723
A local unprivileged user may be able to cause all writes to a UFS
filesystem to hang on SPARC sun4v systems running Solaris 10 with patch
138888-01 or later and without patch 139483-05 or OpenSolaris builds
snv_47 through snv_85. This can then prevent applications and
commands from succeeding which is a type of Denial of Service (DoS). In
addition, if the root (/) filesystem is UFS then this may lead to a system
hang which is a type of Denial of Service (DoS).

CR 6679732
A local unprivileged user may be able to panic x86 systems running
OpenSolaris builds snv_86 through snv_91 in 32-bit mode with at least one
UFS filesystem present.


State: Resolved
First released: 16-Mar-2009

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_254628_security_vulnerabilities

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-399 Resource Management Errors

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 54
Os 2

Open Source Vulnerability Database (OSVDB)

Id Description
52974 OpenSolaris 64-bit UFS Filesystem Functionality ufs_getpage / ufs_putapage Ro...

52973 Solaris UFS Filesystem Functionality ufs_getpage / ufs_putapage Routines Unsp...

52972 OpenSolaris 32-bit UFS Filesystem Functionality ufs_getpage / ufs_putapage Ro...