<<< Date Index >>>     <<< Thread Index >>>

RE: Sun M-class hardware denial of service



> From: Theo de Raadt [mailto:deraadt@xxxxxxxxxxxxxxx] 
> Sent: Tuesday, 09 September, 2008 17:28
> To: B 650
> Cc: bugtraq@xxxxxxxxxxxxxxxxx
> 
> > I apologise if I'm misunderstanding you, but it seems to me that
this 
> > issue can only be initiated by a privileged user on a domain.
> 
> If one domain can be broken into, and a Solaris kernel module 
> is loaded which then crashes that one domain, the entire 
> machine eventually has to be powered off to recover that one domain.

I agree with Theo. This is a privilege-escalation DOS attack, pure and
simple. A user with sufficient privilege in one domain, but not
necessarily in others, can 1) force that domain down for an extended
time, and/or 2) force all domains down.

"Privilege" isn't an absolute; there are degrees of privilege, and this
bug lets a user do more damage than their degree of privilege should
allow.

-- 
Michael Wojcik
Principal Software Systems Developer, Micro Focus