Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Exploits-HackingTools
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[UNIX] Sun Microsystems Solaris ACE_SETACL Integer Signedness DoS

from [SecuriTeam] Network Security [Permanent Link]
Subject: [UNIX] Sun Microsystems Solaris ACE_SETACL Integer Signedness DoS
Date: 8 May 2007 12:51:16 +0200 
The following security advisory is sent to the securiteam mailing list, and can 
be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html 

- - - - - - - - -



  Sun Microsystems Solaris ACE_SETACL Integer Signedness DoS
------------------------------------------------------------------------


SUMMARY

 <http://www.sun.com/software/solaris/> Solaris is a UNIX operating system 
developed by Sun Microsystems.

Local exploitation of an integer signedness error in Sun Microsystem's 
Solaris could allow attackers to cause a kernel panic, leading to a DoS 
condition on the affected computer.

DETAILS

Vulnerable Systems:
 * Solaris version 10 on x86 and SPARC architectures.

The facl() system call is used to set access controls on a file. Due to an 
improper check on one of the arguments passed to this function, an 
attacker can cause the kernel allocate a large amount of memory which 
causes a kernel panic.

Exploitation of this vulnerability would most likely result in a DoS 
condition on the affected host. However, there are other functions called 
by this function that use the result of the multiplication performed to 
allocate memory. On a 64 bit kernel with several gigabytes of RAM, code 
execution may be possible. Fixing this vulnerability will also fix the 
later vulnerabilities.

Vendor Status:
Sun Microsystems has addressed this vulnerability by releasing patches. 
More information is available from Sun Alert ID 102869 at the following 
URL.
 <http://sunsolve.sun.com/search/document.do?assetkey=1-26-102869-1> 
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102869-1

Disclosure Timeline:
 * 11/07/2006 - Initial vendor notification
 * 11/10/2006 - Initial vendor response
 * 05/07/2007 - Coordinated public disclosure


ADDITIONAL INFORMATION

The information has been provided by iDefense.
The original article can be found at:
 
<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=524> 
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=524



======================================== 


This bulletin is sent to members of the SecuriTeam mailing list. 
To unsubscribe from the list, send mail with an empty subject line and body to: 
list-unsubscribe@securiteam.com 
In order to subscribe to the mailing list, simply forward this email to: 
list-subscribe@securiteam.com 


==================== 
==================== 

DISCLAIMER: 
The information in this bulletin is provided "AS IS" without warranty of any 
kind. 
In no event shall we be liable for any damages whatsoever including direct, 
indirect, incidental, consequential, loss of business profits or special 
damages.
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [UNIX] Sun Microsystems Solaris ACE_SETACL Integer Signedness DoS, SecuriTeam <=
Previous by Date:  [EXPL] Versalsoft HTTP File Upload ActiveX 6.36 AddFile DoS (Exploit), SecuriTeam
Next by Date:  [NT] Microsoft Word RTF File Parsing Heap Corruption Vulnerability, SecuriTeam
Previous by Thread:  [EXPL] Versalsoft HTTP File Upload ActiveX 6.36 AddFile DoS (Exploit), SecuriTeam
Next by Thread:  [NT] Microsoft Word RTF File Parsing Heap Corruption Vulnerability, SecuriTeam
Indexes:  [Date] [Thread] [Top] [All Lists]