Note: This is an archival copy of Security Sun Alert 201262 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000945.1.
Solaris 10 Operating System
Date of Resolved Release
Due to security vulnerabilities related to the handling of memory buffers containing Secure Socket Layer (SSL) records, an unprivileged local or remote user may be able to panic a Solaris 10 system that has been configured to act as a SSL proxy. This would result in a Denial of Service (DoS) to the system.
These issues can occur in the following releases:
The following command can be run to determine if the KSSL proxy was configured on a system:
$ svcs | grep kssl online Apr_27 svc:/network/ssl/proxy:kssl-INADDR_ANY-443
If these issues have been exploited, the system panic would produce the following stack trace:
kssl_handle_record+0x80(6000383b250, 60002a04000, 2a100c97540, 6000112d200, 60003889c40, 0) strsock_kssl_input+0x14(600037f6380, 60001081540, 0, 0, 0, 60002744730) kstrgetmsg+0x51c(60001081540, 0, 2a100c97a10, 6000287ab28, 0, 1) sotpi_recvmsg+0x290(60002744730, 2a100c97870, 2a100c97a10, 2, 0, 7000) socktpi_read+0x44(600037f6380, 2a100c97a10, 600008022c8, 600008022c8, 0, 60002744730) fop_read+0x20(600037f6380, 2a100c97a10, 0, 600008022c8, 0, 135127c) read+0x274(101, 0, 600027c10d8, 1f40, 83, 0) syscall_trap32+0xcc(101, 154b20, 1f40, 1, 493e0, 8)
Note: Other possible stack traces are possible containing calls to routines from the KCF module.
Until patches are applied, sites may wish to disable the KSSL proxy so that SSL processing will be done in "userland" only. This may degrade the performance of servicing SSL streams.
For example, to disable the KSSL proxy listening on the default TCP port (port 443), the following command can be run:
# ksslcfg delete 443
Note: This command will also delete the KSSL service.
These issues are addressed in the following releases:
This solution has no attachment