lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 09 Sep 2008 15:27:40 -0600
From: Theo de Raadt <deraadt@....openbsd.org>
To: "B 650" <dunc.on.usenet@...glemail.com>
Cc: bugtraq@...urityfocus.com
Subject: Re: Sun M-class hardware denial of service 

> I apologise if I'm misunderstanding you, but it seems to me that this
> issue can only be initiated by a privileged user on a domain.

If one domain can be broken into, and a Solaris kernel module is
loaded which then crashes that one domain, the entire machine
eventually has to be powered off to recover that one domain.

> The only system immediately affected is that particular domain.

That is WRONG.  The long-term uptime of all other domains on the
machine are eventually impacted because the entire physical machine
must, after a service call to Sun, eventually be powered down.

Management eventually has to decide to impact the SLA's of all domains.
That means that Sun's promise of isolation is bunk.

> The
> removal of service from the other domains is a system/service
> management decision, rather than an exploit of some kind.

That is wrong, too.  If any of the other domains were supposed to meet
five 9's SLA's, then the failure of one domain on that physical
hardware would impact the SLA's of all the other domains.

> That's why I don't view it as a DoS vulnerability.

How absolutely bizzare.  Basically you spend half a million dollars on
Sun hardware, and it isn't required to do this better than VMWare?  In
fact, it does it worse than VMWare.  I am just stunned at your
acceptance of a serious problem.

> If you exploit this on your
> own domain, which then becomes unavailable then, frankly, tough.

If you exploit this on one domain, the other domains must all
eventually be powered off.

Compare this to VMWare.  If an OS running inside VMWare was able to
cause a situation making it neccessary to reboot the host environment
and restart all VMWare instances, it would be considered a very
serious and significant security problem for VMWare.  It would be all
over the news.  (And at least with VMotion you can move the instances
to another machine; with Sun you cannot).

This issue is very significant.

> You
> wait until the frame administrators choose to power cycle the other
> domains to bring you back.

And what if your SLA's say that you are supposed to only go down for a
maximum of 3 hours a year, yet you need that dead domain back
immediately?

> You stated in your original message that this is a high-end frame, of
> the kind generally used by financial institutions etc.  I would
> imagine any system which warrants this kind of hardware would have
> some level of redundancy or DR.

Oh great!  Sun is off the hook for selling something which doesn't
work, and their customers must mitigate against it themselves.
Utterly ridiculous.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ