Note: This is an archival copy of Security Sun Alert 201097 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000818.1.
Solaris 9 Operating System
Solaris 10 Operating System
Solaris 8 Operating System
Date of Resolved Release
On Solaris 8, 9 and 10 systems utilizing an IPv6 address, a remote unprivileged user may be able to panic the system, causing a Denial of Service (DoS) condition.
This issue can occur in the following releases:
Solaris systems are only impacted by this issue if they have an IPv6 address configured. If an IPv6 address is configured, the ifconfig(1M) command will show an output line which contains the word "IPv6" as in the following example:
# /usr/sbin/ifconfig -a | /usr/bin/grep IPv6 eri0: flags=2000840<RUNNING,MULTICAST,IPv6> mtu 1500 index 2
The system may panic with a stack trace similar to the following:
... msgdsize+0x54() ip_rput_frag_v6+0x9d4() ip_rput_data_v6+0x1254() putnext+0x450() ...
There is no workaround if the system under consideration is using the IPv6 address for network communications. If an IPv6 address is enabled but not being used, then disabling the IPv6 address will prevent this issue from occurring on the system.
To disable the IPv6 address, use the ifconfig(1M) command. For example, If "eri0" is the network interface, then the following command will disable the IPv6 address:
# /usr/sbin/ifconfig eri0 inet6 unplumb
This issue is addressed in the following releases:
This solution has no attachment