|
Sun Cluster TCP Port Conflict Denial of Service Vulnerability
|
|
Secunia Advisory:
|
SA10369
|
|
|
Release Date:
|
2003-12-05
|
|
Popularity:
|
7,667 views
|
|
|
Critical:
|
Not critical
|
|
Impact:
|
DoS
|
|
Where:
|
Local system
|
|
Solution Status:
|
Vendor Workaround
|
|
| Software: | Sun Cluster 2.x
Sun Cluster 3.x
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
Description:
Sun has reported a vulnerability in Sun Cluster, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
Any local user allowed to run a client application, which uses a TCP port, can cause a cluster node to crash by using the same port as the DLM (Distributed Lock Manager).
Sun reports that successful exploitation requires the following:
* The Sun Cluster Oracle OPS/RAC packages ORCLudlm and SUNWudlm are installed
* The Solaris Secure Shell server daemon is running
* The system is configured to enable X11 forwarding
The vulnerability affects the following releases on a SPARC Platform:
* Sun Cluster 2.2 (for Solaris 2.6, Solaris 7, and Solaris 8)
* Sun Cluster 3.0 (for Solaris 8 and Solaris 9)
* Sun Cluster 3.1 (for Solaris 8 and Solaris 9)
Solution:
Grant only trusted users access to affected systems.
Sun Cluster systems should not be used for client applications.
Sun has included various workarounds in the original advisory.
Original Advisory:
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57428
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
