BID:25993

Sun Solaris Trusted Extensions labeld Service Local Denial of Service Vulnerabilities

Info

Sun Solaris Trusted Extensions labeld Service Local Denial of Service Vulnerabilities

Bugtraq ID:	25993
Class:	Unknown
CVE:	CVE-2007-5368
Remote:	No
Local:	Yes
Published:	Oct 09 2007 12:00AM
Updated:	May 07 2015 05:35PM
Credit:	The vendor disclosed these issues.
Vulnerable:	Sun Solaris 10_x86 Sun Solaris 10_sparc

Not Vulnerable:	Sun Solaris 9_sparc Sun Solaris 8_sparc

Discussion

Sun Solaris Trusted Extensions labeld Service Local Denial of Service Vulnerabilities

Sun Solaris is prone to multiple local denial-of-service vulnerabilities that stem from unspecified errors in Solaris Trusted Extensions 'labeld' label daemon. Local attackers may exploit these issues to deny service to legitimate users.

These versions are affected:

Solaris 10 x86
Solaris 10 SPARC

Exploit / POC

Sun Solaris Trusted Extensions labeld Service Local Denial of Service Vulnerabilities

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Solution / Fix

Sun Solaris Trusted Extensions labeld Service Local Denial of Service Vulnerabilities

Solution:
Sun has released an advisory and fixes to address these issues. Please see the references for more information.

Sun Solaris 10_sparc

Sun Sun Solaris Patch 126448-04 (SPARC)
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -126448-04-1

Sun Solaris 10_x86

Sun Sun Solaris Patch 126449-04 (x86)
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -126449-04-1

References

Sun Solaris Trusted Extensions labeld Service Local Denial of Service Vulnerabilities

References:

Sun Solaris Home Page (Sun Microsystems)
Sun Alert ID: 103109 Security Vulnerabilities in the Solaris Trusted Extensions (Sun Microsystems)