Sun Cluster sibling node denial of service

cluster-sibling-node-dos (33858) The risk level is classified as LowLow Risk

Description:

Sun Cluster is vulnerable to an unspecified denial of service. An authenticated local attacker with current cluster member privileges could exploit this vulnerability to corrupt sibling node data structures and cause a denial of service.

Platforms Affected:

  • Sun, Cluster 3.1
  • Sun, Cluster 3.2
  • Sun, Solaris 10 x86
  • Sun, Solaris 10 x64
  • Sun, Solaris 10 SPARC
  • Sun, Solaris 8 SPARC
  • Sun, Solaris 9 SPARC
  • Sun, Solaris 9 x86

Remedy:

Refer to Sun Alert ID: 102874 for patch, upgrade, or suggested workaround information. See References.

Consequences:

Denial of Service

References:

  • Sun Alert ID: 102874, A Security Vulnerability in Sun Cluster Software may Lead to Data Corruption and "send_mondo" Panics at http://sunsolve.sun.com/search/document.do?assetkey=1-26-102874-1.
  • ASA-2007-175: A Security Vulnerability in Sun Cluster Software may Lead to Data Corruption and "send_mondo" Panics (Sun 102874)
  • BID-23638: Sun Cluster Software Unspecified Denial Of Service Vulnerability
  • CVE-2007-2267: Unspecified vulnerability in Sun Cluster 3.1 and Solaris Cluster 3.2 before 20070424 allows remote authenticated users, operating from a different cluster node, to cause a denial of service (data corruption or send_mondo panic) via unspecified vectors, as demonstrated by EMC Symcli backup software 6.2.1.
  • SA24985: Sun Cluster Software Denial of Service Vulnerability
  • SECTRACK ID: 1017953: Sun Cluster Remote USCSICMD IOCTL Processing Bug Lets Remote Authenticated Users Deny Service
  • SECTRACK ID: 1018642: Sun Cluster USCSICMD IOCTL Processing Bug Lets Remote Authenticated Users Deny Service
  • VUPEN/ADV-2007-1530: Sun Cluster Sibling Node Data Corruption Unspecified Denial of Service Vulnerability

Reported:

Apr 24, 2007

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page