Category
Security
Release Phase
Resolved
ProductSolaris 10 Operating System
Bug Id
6443912
Date of Resolved Release30-JAN-2007
Impact
A security vulnerability in the Solaris 10 ICMP handling process may allow a remote unprivileged user to panic the system, resulting in a Denial of Service (DoS) condition.
Contributing Factors
This issue can occur in the following releases:
SPARC Platform
- Solaris 10 without patch 118833-28
x86 Platform
- Solaris 10 without patch 118855-28
Notes:
- Solaris 8 and 9 are not impacted by this issue.
- Systems are only impacted by this issue if they are configured to receive ICMP ping(1M) requests.
To determine if a system ("solaris1" in this example) is configured to receive ICMP ping requests, the following command can be run:
$ ping solaris1
solaris1 is alive
Symptoms
Should the described issue occur, the system may panic with a stack trace similar to the following:
ip:ill_refrele+0x8(0x0, 0x0, 0x0, 0x1010)
ip:ip_output+0x149c(0x0?, 0x6000864f2c0?, 0x60001bcede0?, , 0x2)
ip:ip_wput(0x60001bcede0, 0x600053ac140) - frame recycled
unix:put+0x1c0(0x60001bcede0?, 0x600053ac140)
ip:icmp_inbound+0xb88(0x60001bcece8, 0x6000864f2c0, 0x0, 0x30000c31268, 0x0, 0x0, 0x0, 0x1, , 0x2)
ip:ip_proto_input+0x56c(, 0x6000864f2c0, 0x600086e7500, 0x60003a24ed8, 0x30000c31268)
ip:ip_input+0x7d0(0x30000c31268, 0x0, , , 0xffffffff)
ip:ip_rput(0x60001bcece8, 0x6000864f300) - frame recycled
Workaround
To work around the described issue, ICMP packets can be blocked using packet filtering software such as ipfilter(5), which is shipped with Solaris 10.
Resolution
This issue is addressed in the following releases:
SPARC Platform
- Solaris 10 with patch 118833-28 or later
x86 Platform
- Solaris 10 with patch 118855-28 or later
References
118833-28
118855-28
AttachmentsThis solution has no attachment