Note: This is an archival copy of Security Sun Alert 200183 as previously published on http://sunsolve.sun.com. The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000137.1.
Category: Security
Release Phase: Resolved
6240205
Product: Solaris 9 Operating System, Solaris 10 Operating System, Solaris 8 Operating System
Date of Resolved Release: 08-Feb-2008

Security Vulnerability May Allow Firewall Compromise or Creation of Denial of Service (DoS) Condition

1. Impact

A security vulnerability in the Solaris Internet Protocol (IP - see ip(7P)) implementation may allow a remote privileged user to send certain packets bypassing the security policies set by a firewall or to cause the system to panic, creating a Denial of Service (DoS) condition.

Sun acknowledges, with thanks, Mark Dowd from IBM Internet Security Systems X-Force (http://xforce.iss.net) for bringing this issue to our attention.

2. Contributing Factors

This issue can occur in the following releases:

SPARC Platform
x86 Platform
3. Symptoms

There are no predictable symptoms that would indicate the policies of a firewall have been circumvented.

If the system panics due to this issue, the following stack trace may be seen:

    icmp_pkt_v6+0xxxxx
    icmp_param_problem_v6+0xxxxx
    ip_fanout_sec_proto+0xxxxx
    ip_rput_local+0xxxxx
    ip_rput+0xxxxx
    putnext+0xxxxx

4. Workaround

To work around the described issues:

As "root," set the ndd(1M) variable "ip_reass_queue_bytes" to 0 by using the following command:

    # ndd -set /dev/ip ip_reass_queue_bytes 0

This workaround will stop the system from re-assembling IP fragments. Networks which send/receive fragmented IP packets to/from the system will become unreachable.

Note: This workaround is not persistent across reboot.

5. Resolution

This issue is addressed in the following releases:

SPARC Platform
x86 Platform
References

116965-30
114344-32
118822-27
116966-29
119435-20
118844-28

Attachments

This solution has no attachment
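
A triage helper for the stack trace in section 3, added here as an example and not part of the Sun Alert: it checks whether a panic stack contains the advisory's six frames in the listed order. The "module:function+offset" line layout and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag a panic stack that contains the advisory's frames.
# Frames exactly as listed in section 3 (innermost first), offsets dropped.
SIG="icmp_pkt_v6 icmp_param_problem_v6 ip_fanout_sec_proto ip_rput_local ip_rput putnext"

# Reads stack text on stdin. Succeeds (exit 0) when every frame in SIG
# appears in that order; unrelated frames may sit in between.
matches_alert_stack() {
    awk -v sig="$SIG" '
        BEGIN { n = split(sig, want, " "); idx = 1 }
        {
            for (f = 1; f <= NF; f++) {
                sym = $f
                sub(/\+.*$/, "", sym)   # drop the "+offset" suffix
                sub(/^.*:/, "", sym)    # drop a "module:" prefix such as "ip:"
                if (idx <= n && sym == want[idx]) idx++
            }
        }
        END { exit (idx <= n) }         # status 0 only when all frames were seen
    '
}

# Constructed sample: a panic stack as it might be logged (layout assumed).
sample_panic() {
    cat <<'EOF'
genunix: [ID 000000 kern.notice] 000002a100000001 ip:icmp_pkt_v6+1c4 ()
genunix: [ID 000000 kern.notice] 000002a100000002 ip:icmp_param_problem_v6+94 ()
genunix: [ID 000000 kern.notice] 000002a100000003 ip:ip_fanout_sec_proto+2d8 ()
genunix: [ID 000000 kern.notice] 000002a100000004 ip:ip_rput_local+6a0 ()
genunix: [ID 000000 kern.notice] 000002a100000005 ip:ip_rput+5c ()
genunix: [ID 000000 kern.notice] 000002a100000006 unix:putnext+21c ()
EOF
}

# Constructed sample: an ordinary IP receive path without the ICMPv6 frames.
sample_unrelated() {
    cat <<'EOF'
genunix: [ID 000000 kern.notice] 000002a100000011 ip:ip_rput_local+6a0 ()
genunix: [ID 000000 kern.notice] 000002a100000012 ip:ip_rput+5c ()
genunix: [ID 000000 kern.notice] 000002a100000013 unix:putnext+21c ()
EOF
}

if sample_panic | matches_alert_stack; then
    echo "stack matches the trace in Sun Alert 200183"
fi
```

A match only says the panic went through the code path named in the advisory; confirm against the installed patch revisions listed under References before closing the case.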