Bugtraq mailing list archives

64bit Sol7 on Ultra1 < 200mhz bug

From: jake () 10K ORG (Jake Luck)
Date: Sat, 11 Dec 1999 03:03:25 -0500


Has anyone else came across this and know how to exploit this problem
in Solaris 7? I checked a few places but couldn't find much info on
the subject.

-jake
(the unfortunate owner of a 143mhz ultra1)

------------ cut from solaris 7 sparc boot (1m) man pages ---------

  64-bit SPARC
  Booting UltraSPARC Systems
     Certain platforms may need a firmware  upgrade  to  run  the
     64-bit  kernel.   See  the  Sun  Hardware Platform Guide for
     details. If the 64-bit kernel  packages  are  installed  and
     boot  detects that the platform needs a  firmware upgrade to
     run 64-bit, boot  displays a  message  on  the  console  and
     chooses the 32-bit kernel as the default file instead.

     On systems containing 200MHz or lower  UltraSPARC-1  proces-
     sors,  it  is  possible  for  a user to run a 64-bit program
     designed to exploit a problem that could cause  a  processor
     to  stall.  Since  64-bit  progams  cannot run on the 32-bit
     kernel, the 32-bit kernel is chosen as the default  file  on
     these  systems.

     The code sequence that exploits the problem is very  unusual
     and  is  not likely to be generated by a compiler. Assembler
     code had to be specifically written to demonstrate the prob-
     lem.  It  is  highly  unlikely that a legitimate handwritten
     assembler routine would use this code sequence.

      Users willing to assume the risk that a user might acciden-
     tally  or  deliberately  run  a program that was designed to
     cause a processor to stall may choose to run the 64-bit ker-
     nel    by    modifying   the   boot    policy   file.   Edit
     /platform/platform-name/boot.conf so  that  it  contains  an
     uncommented     line     with     the     variable     named
     ALLOW_64BIT_KERNEL_ON_UltraSPARC_1_CPU set to the value true
     as shown in the example that follows:

     ALLOW_64BIT_KERNEL_ON_UltraSPARC_1_CPU=true
-------------------------------------------------------------------

Current thread:

sadmind exploits (remote sparc/x86) Marcy Abene (Dec 10)
- Re: sadmind exploits (remote sparc/x86) Erik Fichtner (Dec 10)
  - Re: sadmind exploits (remote sparc/x86) Lamont Granquist (Dec 10)
    - Irix and TCP implementation TeSd (Dec 10)
    - 64bit Sol7 on Ultra1 < 200mhz bug Jake Luck (Dec 11)
    - VDO Live Player 3.02 Buffer Overflow UNYUN (Dec 12)
    - ssh-1.2.27 exploit Jarek Kutylowski (Dec 13)
    - Re: ssh-1.2.27 exploit Iván Arce (Dec 13)
    - Re: ssh-1.2.27 exploit Beto (Dec 15)
    - FreeBSD 3.3 xsoldier root exploit Brock Tellier (Dec 15)
    - Xsoldier xploit (was: FreeBSD 3.3 xsoldier root exploit) Spidey (Dec 15)
    - BindView Security Advisory: Vulnerability in Windows NT's SYSKEY feature BindView Security Advisory (Dec 16)
    - Cisco Security Advisory: Cisco Cache Engine Authentication Vulnerabilities security-alert () CISCO COM (Dec 16)
    - Reinventing the wheel (aka "Decoding Netscape Mail passwords") Vanja Hrustic (Dec 15)
    - Re: Reinventing the wheel (aka "Decoding Netscape Mail passwords") John Viega (Dec 16)

(Thread continues...)