|The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.|
Solaris: denial of service of Crypto Driver
Synthesis of the vulnerability
A local attacker can use an ioctl in order to stop the system via a vulnerability of Crypto Driver.
Impacted systems: OpenSolaris, Solaris.
Severity of this alert: 1/4.
Consequences of an intrusion: denial of service on server.
Pirate's origin: user shell.
Creation date: 05/03/2009.
Références of this alert: 254088, 6767649, BID-34000, CVE-2009-0838, VIGILANCE-VUL-8513.
Description of the vulnerability
The uts/common/crypto/io/crypto.c file implements the cryptographic driver of Solaris.
A local user can use an ioctl to obtain information on a cryptographic session. The object_get_attribute_value() function fills in these information.
However, this function does not initialize the u_attrs pointer to NULL. If the session is not valid, an error occurs and then this pointer is freed because it is not NULL, which panics the kernel.
A local attacker can therefore use an ioctl in order to stop the system via a vulnerability of Crypto Driver.
Full Vigil@nce bulletin... (Free trial)
Computer vulnerabilities tracking service
Vigil@nce provides application vulnerability bulletins. The Vigil@nce vulnerability database contains several thousand vulnerabilities. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications. The technology watch team tracks security threats targeting the computer system.