CVE-2000-0030 in Solaris
Summary
by MITRE
Solaris dmispd dmi_cmd allows local users to fill up restricted disk space by adding files to the /var/dmi/db database.
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 04/20/2026
The vulnerability described in CVE-2000-0030 affects the Solaris operating system's dmispd daemon, which is responsible for managing DMI (Desktop Management Interface) data collection and storage. This daemon maintains a database at /var/dmi/db that stores system information gathered from various hardware components. The flaw resides in how the dmi_cmd functionality handles file creation and management within this restricted database directory, creating a potential denial of service condition through unauthorized disk space consumption.
This security weakness represents a classic case of insufficient resource management and inadequate access controls within a system daemon. The vulnerability allows local users to exploit the dmi_cmd interface to repeatedly add files to the /var/dmi/db directory without proper size limitations or access restrictions. The technical implementation fails to validate file operations against system resource constraints, enabling malicious or careless users to continuously populate the database with data until available disk space is exhausted. This type of vulnerability falls under CWE-400, which addresses "Uncontrolled Resource Consumption" or "Resource Exhaustion" in software systems.
The operational impact of this vulnerability extends beyond simple disk space exhaustion, as it can severely disrupt system operations and potentially compromise system availability. When the /var/dmi/db directory fills up completely, it can prevent legitimate system processes from writing essential data, leading to service interruptions and potential system instability. Network management services that depend on DMI data collection may fail, and system monitoring capabilities could become impaired. The vulnerability particularly affects systems where disk space is already constrained, making the impact more severe and potentially leading to complete system lockouts or crashes.
Security professionals should implement several mitigation strategies to address this vulnerability. The most effective approach involves restricting write permissions to the /var/dmi/db directory, ensuring that only authorized system processes can modify the database. Additionally, implementing disk space quotas and monitoring mechanisms can help detect and prevent unauthorized consumption of storage resources. System administrators should also consider implementing resource limits on the dmispd daemon itself, preventing it from creating excessive files. According to ATT&CK framework category T1499, this vulnerability aligns with "Resource Exhaustion" tactics that target system resources to deny service. Organizations should also review their system configuration management practices to ensure that unnecessary file creation capabilities are disabled or properly restricted. Regular system audits should verify that the /var/dmi/db directory maintains appropriate permissions and that no unauthorized processes have write access to this critical system location.