Sun Solaris ACE_SETACL Local Denial Of Service Vulnerability

Bugtraq ID:	23863
Class:	Input Validation Error
CVE:	CVE-2007-2529
Remote:	No
Local:	Yes
Published:	May 07 2007 12:00AM
Updated:	May 07 2015 05:39PM
Credit:	The discoverer of this issue wishes to remain anonymous.
Vulnerable:	Sun Solaris 10_x86 Sun Solaris 10_sparc Avaya Interactive Response 2.0
Not Vulnerable:

Sun Solaris ACE_SETACL Local Denial Of Service Vulnerability

Sun Solaris is prone to a local denial-of-service vulnerability.

An attacker can exploit this issue on an affected computer to cause a kernel panic, resulting in a denial-of-service condition.

Presumably, attackers may be able to exploit this issue on 64-bit systems to execute arbitrary code, but this has not been confirmed. We will update this BID as more information emerges.

Solaris 10 is vulnerable; prior versions may also be affected.

Sun Solaris ACE_SETACL Local Denial Of Service Vulnerability

To exploit this issue, an attacker must be able to execute 'facl()' system calls.

Sun Solaris ACE_SETACL Local Denial Of Service Vulnerability

Solution:
The vendor has released patches to address this issue. Please see the references for more information.


Sun Solaris 10_x86

• Sun 125101-06
  http://sunsolve.sun.com/private-cgi/pdownload.pl?target=125101-06&meth od=h

Sun Solaris ACE_SETACL Local Denial Of Service Vulnerability

References:

• Sun Microsystems Home Page (Sun Microsystems)
  
• iDefense Security Advisory 05.07.07: Sun Microsystems Solaris ACE_SETACL Integer (iDefense Labs)
  
• iDefense Security Advisory 05.07.07: Sun Microsystems Solaris ACE_SETACL Intege (iDefense Labs)
  
• ASA-2007-243 Security Vulnerability Relating to the acl(2) System Call May Allow (Avaya)
  
• Sun Alert ID: 102869 (Sun)