Note: This is an archival copy of Security Sun Alert 200060 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000045.1.
Solaris 10 Operating System
Date of Resolved Release
An unprivileged local or remote user may be able to panic a Solaris 10 system which is configured to use IPv6 (ip6(7p)) but is not configured to use the IPsec stack (ipsec(7P)), therefore causing a Denial of Service to the system as a whole.
This issue can occur in the following releases:
Note 1: Solaris 8 and Solaris 9 are not affected by this issue.
Note 2: This issue only affects systems which have IPv6 interfaces but which are not configured to use the IPsec stack.
The following command can be run to determine and list all IPv6 interfaces configured on the host:
$ ifconfig -a6
Solaris 10 does not have a default IPv6 setting since administrators are required to enable or disable IPv6 interfaces at install time.
The following command can be used to determine if the IPsec stack has been loaded on a system:
$ modinfo | grep ipsec
If the described issue occurs, the system will panic with a stack trace similar to the following:
ip_rput_data_v6+0x28cc(600106ee2a0, 600132c98a8, 60013279140, 428, 600132c98a8, 0) ip_rput_v6+0x64c(600106ee2a0, 60013279180, 0, 132a84bc, 600132c98a8, 300000d1d80) putnext+0x208(600106ee490, 600106ee2a0, 60013279180, 100, 1814c00, 0) dld_str_rx_fastpath+0x90(6001102ddc8, 600132a8094, 60013279180, 0, 0, 0) i_dls_link_rx+0x2d0(600132cde38, 0, 60013279180, 131273c, 0, 86dd000) mac_rx+0x44(0, 0, 60013279180, 1314c48, 60010598120, 600132cbf10) e1000g_intr+0xb0(80, 6001138c000, 6001138c230, 60013279180, 6001138c238, b) pci_intr_wrapper+0xac(600107aa370, 300003dd8e8, 7bafa2ac, 6001138c000, 60011006560, 0) intr_thread+0x168(183f8a0, 1055b40, 1813800, 180c000, 3852e9, 60010615f80) idle+0x38(181281c, 1, 180c000, 1837fc0, 1, 1812800) thread_start+4(0, 0, 0, 0, 0, 0)
Until patches can be applied, sites may wish to workaround this issue by loading the IPsec stack. This can be done by the root user via the following commands:
# touch /etc/inet/ipsecinit.conf # ipsecconf -qa /etc/inet/ipsecinit.conf
Note 1: This does NOT enable encryption using IPsec, but it works around the issue by simply having the IPsec functionality loaded onto the TCP/IP stack.
Note 2: The workaround is persistent across reboot.
This issue is addressed in the following releases:
This solution has no attachment