The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Solaris: denial of service during a BSM audit

Synthesis of the vulnerability 

A local attacker can stop system during BSM audit on a file.
Impacted products: Solaris.
Severity of this bulletin: 1/4.
Creation date: 02/05/2007.
Références of this threat: 102900, 4714273, BID-23751, VIGILANCE-VUL-6777.

Description of the vulnerability 

BSM audit (Basic Security Module) permits to log security events occurring on system:
  0x00000001:fr:file read
  0x00000002:fw:file write
  0x00000004:fa:file attribute access
  0x00000008:fm:file attribute modify
  0x00000010:fc:file create
  0x00000020:fd:file delete
  0x00000040:cl:file close
  0x00001000:lo:login or logout

The fchownat() system call permits to change user/group of a file, relative to a directory:
  int fchownat(int dirfd, const char *path, uid_t owner, gid_t group, int flags);

When "fr", "fw", "fm", "fc" or "fd" classes are audited, a call to fchownat() panics the system.

This vulnerability therefore permits a local attacker to generate a denial of service.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This computer vulnerability bulletin impacts software or systems such as Solaris.

Our Vigil@nce team determined that the severity of this vulnerability bulletin is low.

The trust level is of type confirmed by the editor, with an origin of user shell.

An attacker with a expert ability can exploit this threat note.

Solutions for this threat 

Solaris: patch for BSM.
A patch is available:
    * Solaris 9 : patch 122300-06
    * Solaris 9 : patch 122301-06
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides system vulnerability patches. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications.