> From: Theo de Raadt [mailto:deraadt@xxxxxxxxxxxxxxx] > Sent: Tuesday, 09 September, 2008 17:28 > To: B 650 > Cc: bugtraq@xxxxxxxxxxxxxxxxx > > > I apologise if I'm misunderstanding you, but it seems to me that this > > issue can only be initiated by a privileged user on a domain. > > If one domain can be broken into, and a Solaris kernel module > is loaded which then crashes that one domain, the entire > machine eventually has to be powered off to recover that one domain. I agree with Theo. This is a privilege-escalation DOS attack, pure and simple. A user with sufficient privilege in one domain, but not necessarily in others, can 1) force that domain down for an extended time, and/or 2) force all domains down. "Privilege" isn't an absolute; there are degrees of privilege, and this bug lets a user do more damage than their degree of privilege should allow. -- Michael Wojcik Principal Software Systems Developer, Micro Focus
