Note: This is an archival copy of Security Sun Alert 242266 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1019612.1.
Solaris 10 Operating System
Date of Resolved Release
Security Vulnerability in Solaris IP Tunnel Parameter Processing May Lead to a System Panic or Possible Execution of Arbitrary Code by Unprivileged Users
A security vulnerability in the Solaris 10 IP tunnel parameter processing (see tun(7M)) may allow a local unprivileged user the ability to panic the system or execute arbitrary commands with all (super-user) privileges. The ability to panic a system is a type of Denial of Service (DoS).
Sun acknowledges with thanks, Tobias Klein (http://www.trapkit.de/) for bringing this issue to our attention.
This issue is also referenced in the following document:
2. Contributing Factors
This issue can occur in the following releases:
1. Solaris 8 and 9 are not impacted by this issue.
2. Systems do not need to have tunneling configured to be vulnerable to this issue.
If the described issue occurs, the system may panic with a stack strace similar to the following:
There is no workaround for this issue. Please see the Resolution section below.
This issue is addressed in the following releases:
Copyright 2000-2008 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.
09-Jan-2008: Updated "Notes" in Contributing Factors section
This solution has no attachment