Sun Solaris NFSv4 Client Kernel Module Local Denial of Service Vulnerability

Bugtraq ID:	30753
Class:	Design Error
CVE:	CVE-2008-6024
Remote:	No
Local:	Yes
Published:	Aug 19 2008 12:00AM
Updated:	May 07 2015 05:24PM
Credit:	Reported by the vendor
Vulnerable:	Sun Solaris 10_x86 Sun Solaris 10_sparc Sun OpenSolaris build snv_36 Sun OpenSolaris build snv_22 Sun OpenSolaris build snv_19 Sun OpenSolaris build snv_13 Sun OpenSolaris build snv_02 Sun OpenSolaris build snv_01
Not Vulnerable:

Sun Solaris NFSv4 Client Kernel Module Local Denial of Service Vulnerability

Sun Solaris is prone to a local denial-of-service vulnerability that affects the NFSv4 client kernel module.

Local unprivileged attackers who cooperate with a remote privileged victim on an NFSv4 server may exploit this issue to cause all NFSv4 mounts to become unresponsive, denying service to legitimate users.

Sun Solaris NFSv4 Client Kernel Module Local Denial of Service Vulnerability

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Sun Solaris NFSv4 Client Kernel Module Local Denial of Service Vulnerability

Solution:
The vendor has released fixes and an advisory. Please see the references for more information.


Sun Solaris 10_x86

• Sun 137112-05
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -137112-05-1

Sun Solaris NFSv4 Client Kernel Module Local Denial of Service Vulnerability

References:

• Solaris Homepage (Sun Microsystems)
  
• Sun Security Advisory 240546 (Sun Microsystems)