Category
Security
Release Phase
Resolved
ProductSolaris 9 Operating System
Solaris 8 Operating System
Bug Id
6176096
Date of Workaround Release12-APR-2007
Date of Resolved Release24-SEP-2007
Impact
A security vulnerability in the Solaris 8 and 9 IP implementation may allow a remote unprivileged user to degrade the performance of a networked Solaris system by sending specially crafted IP packets. This could result in a mild Denial of Service (DoS) against network services provided by the system and/or local services, due to increased CPU usage.
Contributing Factors
This issue can occur in the following releases:
SPARC Platform
- Solaris 8 without patch 116965-29
- Solaris 9 without patch 114344-29
x86 Platform
- Solaris 8 without patch 116966-29
- Solaris 9 without patch 119435-18
Note: Solaris 10 is not affected by this issue.
Symptoms
Solaris 8 and 9 systems may see high numbers of duplicate IP fragments and/or high number of reassembly failures of IP fragments. For example, running the command:
% /usr/bin/netstat -s | /usr/bin/egrep 'ReasmDuplicates|ReasmFails'
may show high value for counters ip[v6]ReasmDuplicates and ip[v6]ReasmFails.
Further, Solaris 8 and 9 systems with a single processor may see a noticeable increase in CPU usage. For example the vmstat(1M) 'sy' column may show a high percentage of CPU time being spent in kernel.
Workaround
There is no workaround for this issue. Please see the Resolution section below.
Resolution
This issue is addressed in the following releases:
SPARC Platform
- Solaris 8 with patch 116965-29 or later
- Solaris 9 with patch 114344-29 or later
x86 Platform
- Solaris 8 with patch 116966-29 or later
- Solaris 9 with patch 119435-18 or later
Note: Patches previously listed here for resolution to this issue (116965-26, 114344-25, 116966-25, 119435-15) have been withdrawn and are no longer available on SunSolve. Please see Sun Alert 103023 for more details.
Modification History
Date: 07-AUG-2007
- Updated Contributing Factors and Resolution sections
- Status reset to "Preliminary"
Date: 18-SEP-2007
- Updated Contributing Factors and Resolution sections
Date: 24-SEP-2007
- Updated Contributing Factors and Resolution sections
- State: Resolved
References
119435-18
114344-29
116966-28
116965-29
AttachmentsThis solution has no attachment