Note: This is an archival copy of Security Sun Alert 200390 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000275.1.
Article ID : 1000275.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2007-09-23
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security Vulnerability in the IP Implementation for Solaris 8 and 9 May Allow a Denial of Service

Category
Security

Release Phase
Resolved

Product
Solaris 9 Operating System
Solaris 8 Operating System

Bug Id
6176096

Date of Workaround Release
12-APR-2007

Date of Resolved Release
24-SEP-2007

Impact

A security vulnerability in the Solaris 8 and 9 IP implementation may allow a remote unprivileged user to degrade the performance of a networked Solaris system by sending specially crafted IP packets. This could result in a mild Denial of Service (DoS) against network services provided by the system and/or local services, due to increased CPU usage.


Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Solaris 8 without patch 116965-29
  • Solaris 9 without patch 114344-29

x86 Platform

  • Solaris 8 without patch 116966-29
  • Solaris 9 without patch 119435-18

Note: Solaris 10 is not affected by this issue.


Symptoms

Solaris 8 and 9 systems may see high numbers of duplicate IP fragments and/or high number of reassembly failures of IP fragments. For example, running the command:

    % /usr/bin/netstat -s | /usr/bin/egrep 'ReasmDuplicates|ReasmFails'

may show high value for counters ip[v6]ReasmDuplicates and ip[v6]ReasmFails.

Further, Solaris 8 and 9 systems with a single processor may see a noticeable increase in CPU usage. For example the vmstat(1M) 'sy' column may show a high percentage of CPU time being spent in kernel.


Workaround

There is no workaround for this issue. Please see the Resolution section below.


Resolution

This issue is addressed in the following releases:

SPARC Platform

  • Solaris 8 with patch 116965-29 or later
  • Solaris 9 with patch 114344-29 or later

x86 Platform

  • Solaris 8 with patch 116966-29 or later
  • Solaris 9 with patch 119435-18 or later

Note: Patches previously listed here for resolution to this issue (116965-26, 114344-25, 116966-25, 119435-15) have been withdrawn and are no longer available on SunSolve. Please see Sun Alert 103023 for more details.



Modification History
Date: 07-AUG-2007
  • Updated Contributing Factors and Resolution sections
  • Status reset to "Preliminary"

Date: 18-SEP-2007
  • Updated Contributing Factors and Resolution sections

Date: 24-SEP-2007
  • Updated Contributing Factors and Resolution sections
  • State: Resolved


References

119435-18
114344-29
116966-28
116965-29




Attachments
This solution has no attachment