Note: This is an archival copy of Security Sun Alert 201142 as previously published on http://sunsolve.sun.com. The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000861.1.
Category: Security
Release Phase: Resolved
Solaris 9 Operating System
Solaris 10 Operating System
Bug Id: 6317027
Date of Workaround Release: 14-NOV-2005
Date of Resolved Release: 15-DEC-2005

Impact

A remote privileged user may be able to attempt an IKE exchange using a malformed payload, which could cause the in.iked(1M) process to crash, causing a Denial of Service (DoS) of IPSec key management services.

This issue is revealed by the test suite which is described in NISCC vulnerability #273756, which is available at http://www.uniras.gov.uk/niscc/docs/br-20051114-01013.html?lang=en

Contributing Factors

This issue can occur in the following releases:

SPARC Platform
x86 Platform
Notes:
To determine if in.iked(1M) is running on a system, the following command can be run:

    # pgrep -l in.iked
    368 in.iked

Symptoms

If this issue has been exploited, the IKE daemon would no longer be running. To determine that the IKE (in.iked(1M)) daemon is NOT running on a system, the following command can be run:

    $ pgrep in.iked || echo "in.iked not running"

Workaround

There is no workaround. Please see the "Resolution" section below.

Resolution

This issue is addressed in the following releases:

SPARC Platform
x86 Platform
Modification History

Date: 15-DEC-2005
References

113451-10
118371-06
114435-09
118372-06

Attachments

This solution has no attachment
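The pgrep check under "Symptoms" also prints "in.iked not running" on hosts that never used IKE. The following is an added example, not part of the original Sun Alert, that reports the symptom only where IKE appears to be in use. Assumptions: a host is treated as using IKE when the default configuration file /etc/inet/ike/config exists, and the names ike_state, ike_check, IKE_CONFIG and IKE_PROBE are hypothetical.

```shell
#!/bin/sh
# Added example, not Sun's code. Classifies the IKE daemon state so that a
# missing in.iked is flagged only on hosts where IKE is configured.

# Assumption: presence of this file means the host is expected to run in.iked.
IKE_CONFIG="${IKE_CONFIG:-/etc/inet/ike/config}"

# Process probe taken from the advisory. It is overridable so the logic can
# be exercised on a machine that has no in.iked at all.
IKE_PROBE="${IKE_PROBE:-pgrep in.iked}"

# Prints one of: not-configured | running | down
# Returns 1 only for "down", which is the symptom the advisory describes.
ike_state() {
    if [ ! -f "$IKE_CONFIG" ]; then
        echo "not-configured"
        return 0
    fi
    # $IKE_PROBE is intentionally unquoted so "pgrep in.iked" splits into words.
    if $IKE_PROBE >/dev/null 2>&1; then
        echo "running"
        return 0
    fi
    echo "down"
    return 1
}

# Hypothetical wrapper for a cron job: stay silent unless the daemon is down
# on a host that is configured for IKE, then raise a syslog alert.
ike_check() {
    if ike_state >/dev/null; then
        return 0
    fi
    logger -p daemon.alert "in.iked not running but $IKE_CONFIG exists"
    return 1
}
```

A "down" result shows only that the daemon is absent; it does not by itself show that a malformed IKE payload was the cause.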