Note: This is an archival copy of Security Sun Alert 241126 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1019559.1.
Solaris 10 Operating System
Date of Resolved Release
Solaris 10 kernel patches 120011-14 (SPARC) and 120012-14 (x86) introduced a security vulnerability in IPv4 forwarding:
Solaris 10 kernel patches 120011-14 (SPARC) and 120012-14 (x86) introduced a security vulnerability in IPv4 forwarding which may allow a remote unprivileged user to panic the system. This is a type of Denial of Service (DoS).
2. Contributing Factors
This issue can occur in the following releases:
Note 2: OpenSolaris distributions may include additional bug fixes above and beyond the build from which it was derived.
To determine the base build of OpenSolaris, the following command can be used:
$ uname -vNote 3: A system is only affected by this issue if it is configured to use IPv4, has a network route with a gateway of 127.0.0.1, and the route does not have the blackhole flag set. To determine if a system is configured this way, the following command can be used:
$ netstat -rnf inet
Routing Table: IPv4
In the above example, routes 184.108.40.206 and 220.127.116.11 may place the system at risk. Individual routes must then be checked using the "route get" command:
$ route get 18.104.22.168 | grep "flags:"
The route to 22.214.171.124 does not have the BLACKHOLE flag set, and may be affected by this issue.
The route to 126.96.36.199 has the BLACKHOLE flag set, and therefore this route is not affected.
Note 4: This issue affects systems regardless of whether IPv4 forwarding has been configured (either using the ipv4-forwarding option of routeadm(1M) or setting the ip_forwarding kernel tunable with ndd(1M)).
If the described issue occurs, the affected system will panic and may produce a crashdump with a panic string and a stack trace similar to the following:
BAD TRAP: type=31 rp=2a100047250 addr=1d8 mmu_fsr=0 occurred in module4. Workaround
To work around this issue, specify the "blackhole flag" when adding the route:
# route add -blackhole 188.8.131.52 127.0.0.1Note: This will cause the system to return an "ICMP Destination Unreachable" message in response to any packets destined for 184.108.40.206.
This issue is addressed in the following releases:
Copyright 2000-2008 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.
This solution has no attachment