Note: This is an archival copy of Security Sun Alert 200103 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000087.1.
Article ID : 1000087.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2007-02-12
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

A Security Vulnerability in the TCP Implementation of Solaris 10 Systems May Result in a System Panic Under High TCP/IP Traffic

Category
Security

Release Phase
Resolved

Product
Solaris 10 Operating System

Bug Id
6404207

Date of Resolved Release
13-FEB-2007

Impact

A remote priviledged or unpriviledged user may be able to trigger a race condition in the TCP subsystem which can result in a system panic. The ability to panic a system is a type of Denial of Service (DoS).


Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Solaris 10 without patch 119998-01

x86 Platform

  • Solaris 10 without patch 119999-01

Note: Solaris 8 and 9 are not impacted by this issue.


Symptoms

One of the following stack traces are seen:

  ------
tcp_clean_death+0xb8()
tcp_rput_data+0x1284()
squeue_enter_chain+0x90()
ip_input+0x824()
putnext+0x218()
ce_drain_fifo+0x52e4()
thread_start+4()
--------
--------
tcp_drop_q0+0x120()
tcp_conn_request+0x108()
squeue_drain+0x134()
squeue_enter_chain+0x350()
ip_input+0x824()
putnext+0x218()
ce_drain_fifo+0x52e4()
thread_start+4()
  ------

Workaround

There is no workaround. Please see the "Resolution" section below.


Resolution

SPARC Platform

  • Solaris 10 with patch 119998-01 or later

x86 Platform

  • Solaris 10 with patch 119999-01 or later


References

119999-01
119998-01




Attachments
This solution has no attachment