BID:26131

Sun Solaris Kernel Statistics Retrieval Process Multiple Local Denial of Service Vulnerabilities

Info

Sun Solaris Kernel Statistics Retrieval Process Multiple Local Denial of Service Vulnerabilities

Bugtraq ID:	26131
Class:	Unknown
CVE:	CVE-2007-5632
Remote:	No
Local:	Yes
Published:	Oct 18 2007 12:00AM
Updated:	May 07 2015 05:34PM
Credit:	The vendor disclosed these issues.
Vulnerable:	Sun Solaris 9_x86 Sun Solaris 9_sparc Sun Solaris 8_x86 Sun Solaris 8_sparc Sun Solaris 10_x86 Sun Solaris 10_sparc Avaya Interactive Response 1.3 Avaya Interactive Response 3.0 Avaya Interactive Response 2.0 Avaya CMS Server 13.0 Avaya CMS Server 12.0 Avaya CMS Server 14.0 Avaya CMS Server 13.1

Not Vulnerable:

Discussion

Sun Solaris Kernel Statistics Retrieval Process Multiple Local Denial of Service Vulnerabilities

Sun Solaris is prone to multiple local denial-of-service vulnerabilities that stem from unspecified errors when retrieving kernel statistics.

Local attackers may exploit these issues to cause the kernel to panic, denying service to legitimate users.

These issues affect Sun Solaris 8, 9, 10 for SPARC and x86 architectures.

Exploit / POC

Sun Solaris Kernel Statistics Retrieval Process Multiple Local Denial of Service Vulnerabilities

Currently we are not aware of any exploits for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Solution / Fix

Sun Solaris Kernel Statistics Retrieval Process Multiple Local Denial of Service Vulnerabilities

Solution:
Sun has released an advisory and fixes to address these issues. Please see the references for more information.

Sun Solaris 8_x86

Sun 117351-50
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -117351-50-1

Sun Solaris 8_sparc

Sun 117350-50
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -117350-50-1

Sun Solaris 9_x86

Sun 122301-13
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -122301-13-1

References

Sun Solaris Kernel Statistics Retrieval Process Multiple Local Denial of Service Vulnerabilities

References:

Sun Solaris Home Page (Sun Microsystems)
ASA-2007-452 - Security Vulnerabilities in Solaris Kernel Statistics Retrieval P (Avaya)
Sun Alert ID: 103064 Security Vulnerabilities in Solaris Kernel Statistics Retri (Sun Microsystems)