tug
Volume 3, Number 42 -- November 9, 2006

Solaris 10 UFS File System Has Denial of Service Vulnerability

Published: November 9, 2006

by Timothy Prickett Morgan

Secunia, which tracks security vulnerabilities in operating systems and other software, reported this week that it has received a report that the Solaris 10 Unix variant from Sun Microsystems has a denial of service security vulnerability in the UFS file system.

According to the Secunia report, the vulnerability would allow "malicious, local users to cause a DoS (Denial of Service)." The report went on to say that the vulnerability "is caused due to an improper handling of corrupted data structures in the UFS file system. This can be exploited to crash the system or corrupt the file system by mounting a specially crafted file system image." The security company warns that earlier versions of Solaris could be affected, and that end users should not mount untrusted file systems.

The security vulnerability exists because of a flaw in the way the UFS file system reacts when it is given corrupted data structures. As with many other vulnerabilities, you can cause a machine to puke all over itself and knock it offline if you know how to make it sick. (To speak metaphorically, not technically.) This vulnerability has been given a "not critical" status, since it can only be locally exploited, and has not been patched yet by Sun.

Sponsored By
FREEBSD

Free Unix!
It Is, With FreeBSD

FreeBSD is an advanced OS for X86 and X64, Alpha/AXP, IA-64, PC-98, and Sparc architectures. Its features include advanced networking, security, and compatibility, and it's an ideal Internet or Intranet server. Best of all, FreeBSD is free!

FreeBSD needs your help.
If you can make improvements, submit your changes to the FreeBSD Project.

Email bod@FreeBSDFoundation.org or
visit FreeBSD.org for more information.
Editor: Timothy Prickett Morgan
Contributing Editors: Dan Burger, Joe Hertvik,
Shannon O'Donnell, Timothy Prickett Morgan
Publisher and Advertising Director: Jenny Thomas
Advertising Sales Representative: Kim Reed
Contact the Editors: To contact anyone on the IT Jungle Team
Go to our contacts page and send us a message.

Sponsored Links

MKS:  Meet your compliance goals with iSeries and cross-platform application lifecycle management
OpenSolaris:  If you want OpenSolaris to thrive, get involved
Roaring Penguin:  CanIt-PRO Anti-Spam Software for Linux/UNIX

 
THIS ISSUE SPONSORED BY:

Lakeview Technology
Canvas Systems
Arkeia
Egenera
FreeBSD



TABLE OF CONTENTS
Avnet Buys GE's Access Server Distribution Biz for $412.5 Million

HP Taps Fink to Run Business Critical Servers Division

Sun Chases Web 2.0 Boom with Discounts for Startups

IBM Creates Virtualization Dashboard, Merges Server and Storage Management

But Wait, There's More:

Solaris 10 UFS File System Has Denial of Service Vulnerability . . . FreeBSD Puts Out 6.2 Beta 3 Release . . . PeopleSoft Founder Duffield Launches Workday ERP . . . Sun Picks Two New Board Members as Another Leaves . . . SAS Supports BI Apps Running on Opteron-Solaris Combo . . . IDC Says Virtual Tape Library Sales to Double in Five Years . . .

The Unix Guardian

BACK ISSUES

The Four Hundred
Thoma Cressey Strikes Again: Buys iTera to Merge with Vision Solutions

Bang for the Buck: User-Capped i5 520s Versus Windows X64 Servers

PowerTech Issues Third Annual State of i5/OS Security Report

The X Factor: Form Follows Function

The Linux Beacon
Microsoft and Novell in Landmark Partnership

Bang for the Buck: Entry Linux Servers Keep Windows and Unix Honest

Liquid Computing Starts Shipping LiquidIQ Servers

The X Factor: Form Follows Function

Big Iron
Bang for the Buck: Big Iron Boxes, Even Bigger Bucks

Top Mainframe Stories and Vendor Announcements

Chats, Webinars, Seminars, Shows, and Other Happenings

The Windows Observer
Microsoft On Schedule for Big Launch November 30

Microsoft Shakes Up Licensing for ERP and CRM Products

Gateway Begins Shipping Opteron-Based Servers

Microsoft and Novell in Landmark Partnership


 
Subscription Information:
You can unsubscribe, change your email address, or sign up for any of IT Jungle's free e-newsletters through our Web site at http://www.itjungle.com/sub/subscribe.html.

Copyright © 1996-2008 Guild Companies, Inc. All Rights Reserved.
Guild Companies, Inc., 50 Park Terrace East, Suite 8F, New York, NY 10034

Privacy Statement