Note: This is an archival copy of Security Sun Alert 201477 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001104.1.
Solaris 9 Operating System
Solaris 2.6 Operating System
Solaris 7 Operating System
Solaris 8 Operating System
Date of Resolved Release
The Sun Am7990 ("LANCE") Ethernet driver (le(7D)) may reuse old frame buffer data to pad packets resulting in an information leakage vulnerability that may allow a remote privileged user to harvest sensitive information from network traffic.
This issue can occur in the following releases:
Note: The Am7990 ("LANCE") Ethernet driver le(7D) is for SPARC platforms only, thus x86 platforms are not affected.
This issue only occurs on SPARC systems that utilize the Am7990 ("LANCE") Ethernet driver (le(7D)).
To determine if the Am7990 Ethernet driver is installed on your system, run the following command:
$ ifconfig -a le0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1 inet 127.0.0.0 netmask ff000000
Any reference to "le0" would indicate an open Lance Ethernet (le) interface.
There are no predictable symptoms that would show the described issue has been exploited.
There is no workaround for this issue. Please see "Resolution" section below.
This issue is addressed in the following releases:
This solution has no attachment