=====================================================================
                                    CERT-Renater

                         Note d'Information No. 2008/VULN332
_____________________________________________________________________

DATE                      : 04/09/2008

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Solaris 8, Solaris 9, Solaris 10,
                                              OpenSolaris.

======================================================================
http://sunsolve.sun.com/search/document.do?assetkey=1-66-240706-1
______________________________________________________________________

    Solution Type: Sun Alert
    Solution  240706: Covert Channel Security Vulnerability in the
    Solaris Kernel
    Bug ID: 6696072

    Product
    Solaris 8 Operating System
    Solaris 9 Operating System
    Solaris 10 Operating System
    OpenSolaris

    Date of Resolved Release: 27-Aug-2008

    SA Document Body
    Covert Channel Security Vulnerability in the Solaris Kernel:

    1. Impact
    A security vulnerability with system calls in the Solaris Kernel may
    allow two unprivileged local user processes to establish a covert
    communication channel bypassing system restrictions such as the
    multi-level security policy found in Solaris Trusted Extensions or the
    isolation policy implemented using zones(5) or chroot(2).

    2. Contributing Factors
    This issue can occur in the following releases:
    SPARC Platform
      * Solaris 8 without patch 117350-56
      * Solaris 9 without patch 122300-30
      * Solaris 10 without patch 137111-05
      * OpenSolaris based upon builds snv_01 through snv_89

    x86 Platform
      * Solaris 8 without patch 117351-56
      * Solaris 9 without patch 122301-30
      * Solaris 10 without patch 137112-05
      * OpenSolaris based upon builds snv_01 through snv_89

    Note: OpenSolaris distributions may include additional bug fixes above
    and beyond the build from which it was derived.
    To determine the base build of  OpenSolaris, the following command can
    be used:

       $ uname -v
       snv_94

    3. Symptoms
    There are no predictable symptoms that would indicate the described
    issue has been exploited to establish a covert communication channel.

    4. Workaround
    There is no workaround for this issue. Please see the Resolution
    section below.

    5. Resolution
    This issue is resolved in the following releases:
    SPARC Platform
      * Solaris 8 with patch 117350-56 or later
      * Solaris 9 with patch 122300-30 or later
      * Solaris 10 with patch 137111-05 or later
      * OpenSolaris based upon builds snv_01 through snv_90 or later

    x86 Platform
      * Solaris 8 with patch 117351-56 or later
      * Solaris 9 with patch 122301-30 or later
      * Solaris 10 with patch 137112-05 or later
      * OpenSolaris based upon builds snv_90 or later

    For more information on Security Sun Alerts, see Technical
    Instruction ID 213557.

    This Sun Alert notification is being provided to you on an "AS IS"
    basis. This Sun Alert notification may contain information provided by
    third parties. The issues described in this Sun Alert notification may
    or may not impact your system(s). Sun makes no representations,
    warranties, or guarantees as to the information contained herein. ANY
    AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION
    WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR
    NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT
    YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT,
    INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE
    OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN.
    This Sun Alert notification contains Sun proprietary and confidential
    information. It is being provided to you pursuant to the provisions of
    your agreement to purchase services from Sun, or, if you do not have
    such an agreement, the Sun.com Terms of Use. This Sun Alert
    notification may only be used for the purposes contemplated by these
    agreements.
    Copyright 2000-2008 Sun Microsystems, Inc., 4150 Network Circle, Santa
    Clara, CA 95054 U.S.A. All rights reserved

======================================================================

           =========================================================
           Les serveurs de référence du CERT-Renater
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================