{"vuid":"VU#901582","idnumber":"901582","name":"Sun Solaris vulnerable to DoS when the Basic Security Module (BSM) is configured to perform auditing of specific classes","keywords":["Sun","Solaris","DoS","AUE_MODADDMAJ","Basic Security Module","BSM","Administrative audit class","ad","System-Wide Administration audit class","as","system panic"],"overview":"There is a vulnerability in Sun Solaris that could allow local users to cause a denial of service when the Basic Security Module (BSM) is configured to perform auditing of specific audit classes.","clean_desc":"Sun Microsystems describes the Basic Security Module (BSM) as a \"security auditing subsystem and a device allocation mechanism that provides the required object reuse characteristics for removable or assignable devices.\" There is a vulnerability in Sun Solaris systems with BSM enabled that could allow local users to cause a system panic. According to the Sun Security Alert: Local unprivileged users may be able to panic Solaris systems with Basic Security Module (BSM) enabled causing a Denial of Service (DoS). This issue can only occur on systems where BSM has been configured to audit the Administrative audit class \"ad\" or the System-Wide Administration audit class \"as\".","impact":"A local unprivileged user could cause a denial-of-service condition.","resolution":"Sun has issued an advisory which addresses this issue.\nFor more information on patches available for your system, please refer to Sun Security Alert: 57497.","workarounds":"","sysaffected":"","thanks":"This vulnerability was reported by Sun Microsystems Inc.","author":"This document was written by Damon Morda.","public":["http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57497","http://secunia.com/advisories/11930/","http://www.securitytracker.com/alerts/2004/Jun/1010572.html","http://www.securityfocus.com/bid/10594"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2004-06-24T15:05:10Z","publicdate":"2004-06-22T00:00:00Z","datefirstpublished":"2004-06-28T19:04:59Z","dateupdated":"2004-06-28T19:08:15Z","revision":9,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"7","cam_population":"15","cam_impact":"8","cam_easeofexploitation":"7","cam_attackeraccessrequired":"10","cam_scorecurrent":"3.465","cam_scorecurrentwidelyknown":"4.2525","cam_scorecurrentwidelyknownexploited":"7.4025","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":3.465,"vulnote":null}