SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Questions?
Want to learn about SecurityTracker? We've got answers to frequently asked questions right here
Sign Up!





Category:  Application (Generic)  >  Adb Vendors:  Sun
Sun Solaris 'adb' Debugger May Let Local Users Trigger a Kernel Panic
SecurityTracker Alert ID:  1004627
CVE Reference:  GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jun 25 2002
Impact:  Denial of service via local system
Fix Available:  Yes   Vendor Confirmed:  Yes  
Description:  A vulnerability was reported in the 'adb' debugger on Sun Solaris. A local user may be able to cause the system to panic.

Sun issued a Sun Alert announcing that a local user can invoke adb(1M) to cause the Solaris operating system to panic, in certain situations. No futher details on the cause was provided.

If successfully exploited, the system crash dump may show that a user was running adb(1M) at the time of the panic. Also, a "Trap Type 9 Data Fault" may occur on the CPU that adb(1M) is running on.

Sun notes that Solaris 2.5.1 has been tested and shown not vulnerable, apparently due to having a different adb(1M) design.
Impact:  A local user may be able to cause a kernel panic.
Solution:  Sun has fixed this flaw Solaris 8 and later releases and has issued the following patches:

SPARC

* Solaris 2.6 with patch 105181-32 or later
* Solaris 7 with patch 106541-20 or later

Intel

* Solaris 2.6 with patch 105182-32 or later
* Solaris 7 with patch 106542-20 or later
Vendor URL:  sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F45241 (Links to External Site)
Cause:  Not specified
Underlying OS:  UNIX (Solaris - SunOS)
Underlying OS Comments:  Solaris 2.6, 7; SPARC and Intel

Message History:   None.

 Source Message Contents
Date:  Tue, 25 Jun 2002 09:16:37 -0400
Subject:  Sun Alert 45241

 

http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F45241

Sun issued Sun Alert 45241 announcing that a local user can invoke
adb(1M) to cause the Solaris operating system to panic, in certain
situations.

If successfully exploited, the system crash dump may show that a user
was running adb(1M) at the time of the panic.  Also, a "Trap Type 9 Data
Fault" may occur on the CPU that adb(1M) is running on.

Sun has assigned this flaw BugID 4190080.

Solaris 2.6 and 7 are affected on both SPARC and Intel platforms.  Sun
notes that Solaris 2.5.1 has been tested and shown not vulnerable,
apparently due to having a different adb(1M) design.

Sun has fixed this flaw Solaris 8 and later releases.

Sun has released the following patches:

SPARC

    * Solaris 2.6 with patch 105181-32 or later
    * Solaris 7 with patch 106541-20 or later

Intel

    * Solaris 2.6 with patch 105182-32 or later
    * Solaris 7 with patch 106542-20 or later


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2002, SecurityGlobal.net LLC