Note: This is an archival copy of Security Sun Alert 200414 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000299.1.
Solaris 10 Operating System
Date of Resolved Release
A security vulnerability in the Solaris 10 ICMP handling process may allow a remote unprivileged user to panic the system, resulting in a Denial of Service (DoS) condition.
This issue can occur in the following releases:
To determine if a system ("solaris1" in this example) is configured to receive ICMP ping requests, the following command can be run:
    $ ping solaris1
    solaris1 is alive
Should the described issue occur, the system may panic with a stack trace similar to the following:
    ip:ill_refrele+0x8(0x0, 0x0, 0x0, 0x1010)
    ip:ip_output+0x149c(0x0?, 0x6000864f2c0?, 0x60001bcede0?, , 0x2)
    ip:ip_wput(0x60001bcede0, 0x600053ac140) - frame recycled
    unix:put+0x1c0(0x60001bcede0?, 0x600053ac140)
    ip:icmp_inbound+0xb88(0x60001bcece8, 0x6000864f2c0, 0x0, 0x30000c31268, 0x0, 0x0, 0x0, 0x1, , 0x2)
    ip:ip_proto_input+0x56c(, 0x6000864f2c0, 0x600086e7500, 0x60003a24ed8, 0x30000c31268)
    ip:ip_input+0x7d0(0x30000c31268, 0x0, , , 0xffffffff)
    ip:ip_rput(0x60001bcece8, 0x6000864f300) - frame recycled
To work around the described issue, ICMP packets can be blocked using packet filtering software such as ipfilter(5), which is shipped with Solaris 10.
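A sketch of the workaround as an IP Filter rule set. This is an added example and not part of the original Sun Alert. The interface name bge0 is an assumption, and because the alert does not say which ICMP messages trigger the panic, the rule drops all inbound ICMP, which also discards error messages such as "fragmentation needed" that path MTU discovery relies on.

```conf
# /etc/ipf/ipf.conf  (added example; bge0 is an assumed interface name)
#
# Drop and log every inbound ICMP packet before it reaches the IP stack.
# "quick" stops rule processing at this line, so a later "pass" rule
# cannot re-admit the packet.
block in log quick on bge0 proto icmp from any to any

# Activate and verify on the Solaris 10 host:
#   svcadm enable network/ipfilter     # start the IP Filter service
#   ipf -Fa -f /etc/ipf/ipf.conf       # flush old rules, load this file
#   ipfstat -hi                        # list inbound rules with hit counts
```

Once the rule is loaded, the ping check shown earlier should no longer report the host as alive when run from another system.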
This issue is addressed in the following releases: