Category
Security
Release Phase
Resolved
ProductSolaris 10 Operating System
Bug Id
6248555, 6250374
Date of Resolved Release13-OCT-2005
Impact
Multiple security vulnerabilities in Solaris 10 SCTP Socket Option Processing (see sctp(7P)) may allow an unprivileged local user to panic the system, resulting in a Denial of Service (DoS).
Contributing Factors
These issues can occur in the following releases:
SPARC Platform
- Solaris 10 without patch 119075-09
x86 Platform
- Solaris 10 without patch 119076-08
Note: Solaris 7 will not be evaluated regarding the potential impact of the issue described in this Sun Alert. Solaris 8 and 9 are not impacted by this issue.
Symptoms
The system may panic with a stack trace similar to the following:
...
vpanic()
sosctp_setsockopt()
setsockopt()
...
Workaround
There is no workaround. Please see the Resolution section below.
Resolution
These issues are addressed in the following releases:
SPARC Platform
- Solaris 10 with patch 119075-09 or later
x86 Platform
- Solaris 10 with patch 119076-08 or later
References
119075-09
119076-08
AttachmentsThis solution has no attachment