Sun Solaris Operating System Console Can Be Crashed By Local Users
|
SecurityTracker Alert ID: 1004626
|
CVE Reference: GENERIC-MAP-NOMATCH
|
Date: Jun 25 2002
|
Impact: Denial of service via local system
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): Solaris 2.5.1, 2.6, 7, 8; SPARC and Intel
|
Description: A vulnerability was reported in the Sun Solaris console. A local user may be able to disable the console.
Sun issued a security Alert warning that a local user may be able to disable the Solaris console(7D) and prevent future logins to the console device (/dev/console).
Sun notes that after a successful exploit, the following type of error messages will be displayed to the console after the user logs out:
push (ldterm) on /dev/console failed, errno = 89
push (ldterm) on /dev/console failed, errno = 89
push (ldterm) on /dev/console failed, errno = 89
[....]
This will reportedly be followed by:
INIT: Command is respawning too rapidly. Check for possible errors.
id: co "/usr/lib/saf/ttymon -g -h -p "`uname -n` console login: " -T sun -d /dev/console -l console -m ldterm,ttcompat
|
Impact: A local user may be able to effectively lock out other users from the console device.
|
Solution: To recover from such a vulnerability, Sun provides the following steps:
1. Login to the affected system from a remote networked system as a normal unprivileged user (using "telnet" or "rlogin" for example)
2. Become the super user and run the following two commands:
# /usr/sbin/devfsadm
# /sbin/init q
For non-networked systems, Sun indicates that a system reboot is required to recover from an attack.
Sun has released the following patches:
SPARC
* Solaris 2.5.1 with patch 106396-02 or later
* Solaris 2.6 with patch 110990-02 or later
* Solaris 7 with patch 111350-02 or later
* Solaris 8 with patch 111325-02 or later
Intel
* Solaris 2.5.1 with patch 106397-02 or later
* Solaris 2.6 with patch 110991-02 or later
* Solaris 7 with patch 111351-02 or later
* Solaris 8 with patch 111326-02 or later
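A patch-level check for the list above, as an added example that is not part of the Sun alert or the SecurityTracker entry: it reads `showrev -p` output (assumed to start each line with `Patch: <id>-<rev>`) and compares it with the minimum revision for the host's `uname -r` / `uname -p` pair. It recognises only later revisions of the same patch ID, not a different patch that supersedes it; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the advisory). POSIX sh; on the affected releases
# /bin/sh is the older Bourne shell, so run it with ksh there.

# Minimum patch per `uname -r` / `uname -p` pair, copied from the advisory.
required_patch() {
    case "$1/$2" in
        5.5.1/sparc) echo 106396-02 ;;
        5.6/sparc)   echo 110990-02 ;;
        5.7/sparc)   echo 111350-02 ;;
        5.8/sparc)   echo 111325-02 ;;
        5.5.1/i386)  echo 106397-02 ;;
        5.6/i386)    echo 110991-02 ;;
        5.7/i386)    echo 111351-02 ;;
        5.8/i386)    echo 111326-02 ;;
        *) return 1 ;;                      # release not listed as affected
    esac
}

# Usage: showrev -p | console_dos_status "$(uname -r)" "$(uname -p)"
# Exit 0 with "patched <id>" or "not-affected"; exit 1 with "vulnerable ...".
console_dos_status() {
    need=$(required_patch "$1" "$2") || { echo "not-affected"; return 0; }
    base=${need%-*} minrev=${need#*-} best=""
    while read -r tag patch rest; do
        [ "$tag" = "Patch:" ] || continue
        [ "${patch%-*}" = "$base" ] || continue
        rev=${patch#*-}
        case "$rev" in ''|*[!0-9]*) continue ;; esac   # skip malformed revisions
        [ "$rev" -ge "$minrev" ] || continue
        if [ -z "$best" ] || [ "$rev" -gt "$best" ]; then best=$rev; fi
    done
    if [ -n "$best" ]; then echo "patched $base-$best"; return 0; fi
    echo "vulnerable (needs $need or later)"; return 1
}

# Constructed sample of `showrev -p` output (999999 is a placeholder patch ID).
SAMPLE='Patch: 999999-01 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsr
Patch: 111325-01 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu
Patch: 111325-03 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu'

printf '%s\n' "$SAMPLE" | console_dos_status 5.8 sparc    # patched 111325-03
printf '%s\n' "$SAMPLE" | console_dos_status 5.8 i386 || true
```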
|
Vendor URL: sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F45400
|
Cause: Not specified
|
Underlying OS: UNIX (Solaris - SunOS)
|
OS Comments: Solaris 2.5.1, 2.6, 7, 8; SPARC and Intel
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 25 Jun 2002 09:11:58 -0400
Subject: Sun Alert 45400; console(7D) denial of service
|
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F45400
Sun issued a security Alert (45400) warning that a local user may be
able to disable the Solaris console(7D). The local user may be able to
prevent future logins to the console device (/dev/console).
Solaris 2.5.1, 2.6, 7, and 8 are affected on both SPARC and Intel
platforms. Solaris 9 is not affected.
Sun has assigned this BugID #4657339.
Sun notes that after a successful exploit, the following type of error
messages will be displayed to the console after the user logs out:
push (ldterm) on /dev/console failed, errno = 89
push (ldterm) on /dev/console failed, errno = 89
push (ldterm) on /dev/console failed, errno = 89
[....]
This will reportedly be followed by:
INIT: Command is respawning too rapidly. Check for possible errors.
id: co "/usr/lib/saf/ttymon -g -h -p "`uname -n` console login: " -T sun -d /dev/console -l console -m ldterm,ttcompat
To recover from such a vulnerability, Sun provides the following steps:
1. Login to the affected system from a remote networked system as a
normal unprivileged user (using "telnet" or "rlogin" for example)
2. Become the super user and run the following two commands:
# /usr/sbin/devfsadm
# /sbin/init q
For non-networked systems, Sun indicates that a system reboot is
required to recover from an attack.
Sun has released the following patches:
SPARC
* Solaris 2.5.1 with patch 106396-02 or later
* Solaris 2.6 with patch 110990-02 or later
* Solaris 7 with patch 111350-02 or later
* Solaris 8 with patch 111325-02 or later
* Solaris 9
Intel
* Solaris 2.5.1 with patch 106397-02 or later
* Solaris 2.6 with patch 110991-02 or later
* Solaris 7 with patch 111351-02 or later
* Solaris 8 with patch 111326-02 or later
* Solaris 9
|
|