Bugtraq mailing list archives

RE: Sun M-class hardware denial of service


From: "Michael Wojcik" <Michael.Wojcik () MicroFocus com>
Date: Wed, 10 Sep 2008 05:41:02 -0700

From: Theo de Raadt [mailto:deraadt () cvs openbsd org] 
Sent: Tuesday, 09 September, 2008 17:28
To: B 650
Cc: bugtraq () securityfocus com

I apologise if I'm misunderstanding you, but it seems to me that this
issue can only be initiated by a privileged user on a domain.

If one domain can be broken into, and a Solaris kernel module 
is loaded which then crashes that one domain, the entire 
machine eventually has to be powered off to recover that one domain.

I agree with Theo. This is a privilege-escalation DOS attack, pure and
simple. A user with sufficient privilege in one domain, but not
necessarily in others, can 1) force that domain down for an extended
time, and/or 2) force all domains down.

"Privilege" isn't an absolute; there are degrees of privilege, and this
bug lets a user do more damage than their degree of privilege should
allow.

-- 
Michael Wojcik
Principal Software Systems Developer, Micro Focus

