The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

vulnerability bulletin CVE-2009-0838

Solaris: denial of service of Crypto Driver

Synthesis of the vulnerability

A local attacker can use an ioctl in order to stop the system via a vulnerability of Crypto Driver.
Impacted systems: OpenSolaris, Solaris.
Severity of this alert: 1/4.
Consequences of an intrusion: denial of service on server.
Pirate's origin: user shell.
Creation date: 05/03/2009.
Références of this alert: 254088, 6767649, BID-34000, CVE-2009-0838, VIGILANCE-VUL-8513.

Description of the vulnerability

The uts/common/crypto/io/crypto.c file implements the cryptographic driver of Solaris.

A local user can use an ioctl to obtain information on a cryptographic session. The object_get_attribute_value() function fills in these information.

However, this function does not initialize the u_attrs pointer to NULL. If the session is not valid, an error occurs and then this pointer is freed because it is not NULL, which panics the kernel.

A local attacker can therefore use an ioctl in order to stop the system via a vulnerability of Crypto Driver.
Full Vigil@nce bulletin... (Free trial)

Computer vulnerabilities tracking service

Vigil@nce provides application vulnerability bulletins. The Vigil@nce vulnerability database contains several thousand vulnerabilities. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications. The technology watch team tracks security threats targeting the computer system.