Vulnerability Note VU#390742

Sun Solaris Volume Manager (SVM) fails to properly handle malformed probe requests

Overview

There is a vulnerability in the Sun Solaris Volume Manager (SVM) that could allow a local user to cause a denial-of-service condition.

I. Description

The Sun Volume Manager is a component of the Solaris operating system and provides disk and storage management. There is a vulnerability in the way the Sun Volume Manager handles certain types of probe requests. By supplying an incorrectly formed probe request, a local user could cause a denial-of-service condition on a Solaris 9 system with this service configured.

II. Impact

A local user could cause a denial-of-service condition.

III. Solution

Apply patch

Sun has issued an advisory which addresses this issue. For more information on patches available for your system, please refer to Sun Security Alert 57598.

Systems Affected

Vendor	Status	Date Notified	Date Updated
Sun Microsystems Inc.	Vulnerable	26-Jul-2004

References

http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57598
http://www.sun.com/bigadmin/descAll/suns_volume_manager_.html
http://www.securitytracker.com/alerts/2004/Jul/1010736.html
http://secunia.com/advisories/12104/

Credit

This vulnerability was reported by Sun Microsystems.

This document was written by Damon Morda.

Other Information

Date Public:	2004-07-16
Date First Published:	2004-07-26
Date Last Updated:	2004-07-26
CERT Advisory:
CVE-ID(s):
NVD-ID(s):
US-CERT Technical Alerts:
Metric:	2.70
Document Revision:	7

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Get Adobe Reader