RE: Sun M-class hardware denial of service
> From: Theo de Raadt [mailto:deraadt@xxxxxxxxxxxxxxx]
> Sent: Tuesday, 09 September, 2008 17:28
> To: B 650
> Cc: bugtraq@xxxxxxxxxxxxxxxxx
>
> > I apologise if I'm misunderstanding you, but it seems to me that
this
> > issue can only be initiated by a privileged user on a domain.
>
> If one domain can be broken into, and a Solaris kernel module
> is loaded which then crashes that one domain, the entire
> machine eventually has to be powered off to recover that one domain.
I agree with Theo. This is a privilege-escalation DOS attack, pure and
simple. A user with sufficient privilege in one domain, but not
necessarily in others, can 1) force that domain down for an extended
time, and/or 2) force all domains down.
"Privilege" isn't an absolute; there are degrees of privilege, and this
bug lets a user do more damage than their degree of privilege should
allow.
--
Michael Wojcik
Principal Software Systems Developer, Micro Focus