Sun Solaris Thread Handling Local Denial Of Service Vulnerability

Bugtraq ID:	25821
Class:	Race Condition Error
CVE:	CVE-2007-5132
Remote:	No
Local:	Yes
Published:	Sep 26 2007 12:00AM
Updated:	May 07 2015 05:35PM
Credit:	The vendor disclosed this issue.
Vulnerable:	Sun Solaris 9_x86 Sun Solaris 9_sparc Sun Solaris 8_x86 Sun Solaris 8_sparc Sun Solaris 10_x86 Sun Solaris 10_sparc Avaya Interactive Response 1.3 Avaya Interactive Response 3.0 Avaya Interactive Response 2.0 Avaya CMS Server 13.0 Avaya CMS Server 12.0 Avaya CMS Server 14.0 Avaya CMS Server 13.1
Not Vulnerable:

Sun Solaris Thread Handling Local Denial Of Service Vulnerability

Sun Solaris is prone to a local denial-of-service vulnerability because of a race condition in the affected kernel.

An attacker could exploit this issue to cause a kernel panic, denying further service to legitimate users

Sun Solaris Thread Handling Local Denial Of Service Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Sun Solaris Thread Handling Local Denial Of Service Vulnerability

Solution:
Sun has released an advisory and fixes to address this issue. Please see the references for more information.


Sun Solaris 9_x86

• Sun 122301-10
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -122301-10-1

Sun Solaris 10_x86

• Sun 125101-02
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -125101-02-1

Sun Solaris Thread Handling Local Denial Of Service Vulnerability

References:

• Sun Solaris Home Page (Sun Microsystems)
  
• ASA-2007-403 - A Security Vulnerability in the Handling of Thread Contexts in th (Avaya)
  
• Sun Alert ID: 103084 (Sun Microsystems)