Note: This is an archival copy of Security Sun Alert 200467 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000345.1.
Article ID : 1000345.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2006-08-02
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security Vulnerability in Sun's Internet Protocol (IP) Implementation May Allow Local Users to Bypass the Routing Table



Category
Security

Category
Availability

Release Phase
Resolved

Product
Solaris 10 Operating System

Bug Id
6425832

Date of Resolved Release
21-JUL-2006

Impact

A local unprivileged user may be able to bypass the system's routing table and direct packets on a per-socket basis to or through an on-link router other than the one defined by the system. This could allow a user to send data to hosts and services that may not be ordinarily reachable and/or bypass a firewall.


Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Solaris 10 with patches 118833-06 through 118833-17 and without patch 118833-18

x86 Platform

  • Solaris 10 with patches 118855-04 through 118855-14 and without patch 118855-15

Notes:

  1. This issue does not affect Solaris 8 or 9.
  2. This issue only applies to IPv4 sockets.

Symptoms

There are no reliable symptoms that would indicate the described issue has been exploited to bypass the routing table on a system.


Workaround

There is no workaround for this issue. Please see the Resolution section below.


Resolution

This issue is addressed in the following releases:

SPARC Platform

  • Solaris 10 with patch 118833-18 or later

x86 Platform

  • Solaris 10 with patch 118855-15 or later
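
The patch ranges under Contributing Factors and Resolution can be checked against a host's installed patch list. The script below is an added example, not part of the original Sun Alert; the function name classify_ip_alert, the AWK variable and the sample input are assumptions made for illustration, and the sample patch list is constructed.

```shell
#!/bin/sh
# Classify a Solaris 10 host against the patch ranges in this Sun Alert.
# Reads `showrev -p` output on stdin; $1 is the `uname -p` value.
# Needs a POSIX shell and an awk with -v
# (on Solaris 10: /usr/xpg4/bin/sh and AWK=nawk).
# Live use:  showrev -p | classify_ip_alert "$(uname -p)"
AWK=${AWK:-awk}

classify_ip_alert() {
    case "$1" in
        sparc) base=118833; first=6; fixed=18 ;;   # 118833-06 .. -17 affected
        i386)  base=118855; first=4; fixed=15 ;;   # 118855-04 .. -14 affected
        *)     echo "unknown-arch"; return 2 ;;
    esac
    # Highest installed revision of the relevant patch ID (0 if absent).
    rev=$("$AWK" -v base="$base" '
        $1 == "Patch:" {
            split($2, p, "-")
            if (p[1] == base && p[2] + 0 > max) max = p[2] + 0
        }
        END { print max + 0 }')
    if [ "$rev" -ge "$fixed" ]; then
        echo "fixed"            # patch level named under Resolution
    elif [ "$rev" -ge "$first" ]; then
        echo "affected"         # inside the range under Contributing Factors
    else
        echo "not-affected"     # outside the ranges listed in the alert
    fi
}

# Constructed sample of `showrev -p` output (not taken from a real host).
sample_showrev() {
    cat <<'EOF'
Patch: 999999-01 Obsoletes: Requires: Incompatibles: Packages: SUNWcsu
Patch: 118833-11 Obsoletes: Requires: Incompatibles: Packages: SUNWckr
Patch: 118833-17 Obsoletes: Requires: Incompatibles: Packages: SUNWckr
EOF
}

sample_showrev | classify_ip_alert sparc   # prints: affected
```

The check only reports patch level. As the Symptoms section states, nothing on the system reliably indicates whether the issue was exploited.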


References

118855-15
118833-18



