Secunia Advisory: SA10369
Release Date: 2003-12-05
Critical: Not critical
Impact: DoS
Where: Local system
Software: Sun Cluster 2.x
Sun Cluster 3.x
Description:
Sun has reported a vulnerability in Sun Cluster, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
Any local user allowed to run a client application, which uses a TCP port, can cause a cluster node to crash by using the same port as the DLM (Distributed Lock Manager).
Sun reports that successful exploitation requires the following:
* The Sun Cluster Oracle OPS/RAC packages ORCLudlm and SUNWudlm are installed
* The Solaris Secure Shell server daemon is running
* The system is configured to enable X11 forwarding
The vulnerability affects the following releases on a SPARC Platform:
* Sun Cluster 2.2 (for Solaris 2.6, Solaris 7, and Solaris ![]()
* Sun Cluster 3.0 (for Solaris 8 and Solaris 9)
* Sun Cluster 3.1 (for Solaris 8 and Solaris 9)
Solution:
Grant only trusted users access to affected systems.
Sun Cluster systems should not be used for client applications.
Sun has included various workarounds in the original advisory.
http://www.secunia.com/advisories/10369/

Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic