Note: This is an archival copy of Security Sun Alert 200851 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000642.1.
Solaris 10 Operating System
Date of Resolved Release
A security vulnerability in the Solaris 10 Internet Protocol (ip(7P)) may allow a local unprivileged user the ability to cause a system panic, thereby causing a Denial of Service (DoS) to the system as a whole.
This issue can occur in the following releases:
Note: Solaris 8 and Solaris 9 are not impacted by this issue.
If the described issue occurs, the system will panic with a stack trace similar to the following:
panic[cpu3]/thread=300027ab340: BAD TRAP: type=34 rp=2a1011a6f90 addr=139 mmu_fsr=0 ip_wput_ire+0x1bc0(600040f35a8, 60004042a18, 0, 10000, 0, 0) ip_output+0x964(0, 60004042b88, 0, 0, 0, 60009b42470) udp_output_v4+0x5c4(60009afaac0, 0, d0000, 6000499b650, 600040f35a8, 2a1011a769c) udp_output+0x448(60009afaac0, 6000498b300, 60004903358, 300002a2680, 20104022, 10) udp_wput_data+0xd8(60009afaac0, 6000498b300, 60004903358, 0, 0, 0) sodgram_direct+0xbc(6000a343ca0, 60004903358, 10, 2a1011a7aa0, 6000498b300, 0) sotpi_sendmsg+0x454(6000a343ca0, 2a1011a7a70, 2a1011a7aa0, 0, 1200020, 0) sendit+0x134(3, 2a1011a7a70, 2a1011a7aa0, 60004903358, 6000a343ca0, 0) sendto+0x64(3, 21208, 5, 0, ffbffa24, 10) syscall_trap32+0xcc(3, 21208, 5, 0, ffbffa24, 10)
There is no workaround. Please see the "Resolution" section below.
This issue is addressed in the following releases:
This solution has no attachment