Note: This is an archival copy of Security Sun Alert 257331 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1020388.1.
Date of Resolved Release
Security Vulnerability in OpenSolaris SCTP Sockets May Allow Unprivileged Users to Panic the System
1. Impact
Due to a security vulnerability in SCTP sockets, OpenSolaris systems may
allow an unprivileged local user to panic the system and thereby cause a
denial of service (DoS).
2. Contributing Factors
This issue can occur in the following releases:
Notes: OpenSolaris distributions may include additional bug fixes above and
beyond the build from which they were derived. The base build can be derived as follows:
$ uname -v
Solaris 8, 9 and 10 are not impacted by this issue.
3. Symptoms
If this issue is exploited to cause a denial of service, the kernel panics
and the lower part of the stack trace will be similar to the one below. The
key identifying feature of the panic is the presence of "sosctp_close()"
and "sctp_sack()" in the stack trace.
sosctp_close+0x4c(ffffff05727bcc90, 3, ffffff01d9151608)
socket_close_internal+0x3a(ffffff05727bcc90, 3, ffffff01d9151608)
socket_vop_close+0xf2(ffffff01dfa56800, 3, 1, 0, ffffff01d9151608, 0)
fop_close+0x71(ffffff01dfa56800, 3, 1, 0, ffffff01d9151608, 0)
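The following triage helper is an added example, not part of the original Sun Alert. It parses stack frames in the format shown above and reports whether both identifying symbols are present as exact frame names rather than as substrings. The sctp_sack frame values, the near-miss symbol and the optional leading frame-pointer column are constructed assumptions.

```python
import re

# Frame format as shown in the advisory: symbol+0xOFFSET(arg, arg, ...).
# Assumption: a leading hex frame-pointer column may precede the symbol.
FRAME_RE = re.compile(
    r"^\s*(?:[0-9a-f]{8,16}\s+)?([A-Za-z_]\w*)\+0x([0-9a-f]+)\((.*)\)\s*$"
)
# The two symbols the advisory names as the identifying features.
REQUIRED = ("sosctp_close", "sctp_sack")

# The four frames quoted in the advisory.
ADVISORY_EXCERPT = """\
sosctp_close+0x4c(ffffff05727bcc90, 3, ffffff01d9151608)
socket_close_internal+0x3a(ffffff05727bcc90, 3, ffffff01d9151608)
socket_vop_close+0xf2(ffffff01dfa56800, 3, 1, 0, ffffff01d9151608, 0)
fop_close+0x71(ffffff01dfa56800, 3, 1, 0, ffffff01d9151608, 0)
"""
# Constructed sample: the sctp_sack frame's offset and arguments are made up.
CONSTRUCTED_FULL = "sctp_sack+0x10(0, 0)\n" + ADVISORY_EXCERPT
# Constructed near miss: a hypothetical symbol that merely contains the name.
CONSTRUCTED_NEAR_MISS = "example_sctp_sack_wrapper+0x8(0)\n" + ADVISORY_EXCERPT


def parse_frames(text):
    """Return (symbol, offset, args) for every line that looks like a frame."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line)
        if m:
            args = [a.strip() for a in m.group(3).split(",") if a.strip()]
            frames.append((m.group(1), int(m.group(2), 16), args))
    return frames


def triage(text):
    """Return (matches, missing): matches is True only if both symbols appear."""
    seen = {symbol for symbol, _, _ in parse_frames(text)}
    missing = [name for name in REQUIRED if name not in seen]
    return (not missing, missing)


if __name__ == "__main__":
    for label, sample in [("advisory excerpt", ADVISORY_EXCERPT),
                          ("constructed full", CONSTRUCTED_FULL),
                          ("constructed near miss", CONSTRUCTED_NEAR_MISS)]:
        print(label, triage(sample))
```

The four frames quoted in the advisory do not on their own satisfy the check, because the excerpt contains no sctp_sack() frame.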
4. Workaround
There is no workaround to this issue. Please see the Resolution section below.
5. Resolution
This issue is addressed in the following releases:
For more information on Security Sun Alerts, see