Solaris dmi_cmd Malformed DB Entry dmispd DoS

1999-12-22T00:00:00
ID OSVDB:7582
Type osvdb
Reporter Brock Tellier (btellier@webley.com)
Modified 1999-12-22T00:00:00

Description

Vulnerability Description

Sun Microsystems Solaris dmispd contains a flaw that may allow a local denial of service. The issue is triggered when dmi_cmd is used to add to the DMI database a file whose first line has more than 1024 characters, and results in loss of availability for the DMI service.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Sun Microsystems has released a patch to address this vulnerability.

Manual Testing Notes

echo `perl -e "print 'A' x 1000"` > /usr/home/btellier/my.mif
dmi_cmd -CI ../../../usr/home/btellier/my.mif

References:

Vendor Specific Solution URL: http://sunsolve.sun.com/pub-cgi/retrieve.pl?type=0&doc=fpatches%2F107710
Vendor Specific Solution URL: http://sunsolve.sun.com/pub-cgi/retrieve.pl?type=0&doc=fpatches%2F107709
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1999-q4/0410.html
ISS X-Force ID: 4395
CVE-2000-0032
Bugtraq ID: 878