Note: This is an archival copy of Security Sun Alert 200878 as previously published on http://sunsolve.sun.com.
The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000667.1.
Article ID : 1000667.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2006-10-16
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security Vulnerability in the Solaris 10 TCP Fusion Code May Lead to a System Panic, Resulting in a Denial of Service (DoS)



Category
Security

Release Phase
Resolved

Product
Solaris 10 Operating System

Bug Id
6348581

Date of Resolved Release
17-OCT-2006

Impact

Solaris 10 systems may panic in the tcp_fuse_rcv_drain() TCP/IP function when using TCP loopback connections, where both ends of the connection are on the same system. This may allow a local unprivileged user to cause a Denial of Service (DoS) condition on the affected host.


Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Solaris 10 without patch 118833-23

x86 Platform

  • Solaris 10 without patch 118855-19

Note: Solaris 8 and Solaris 9 are not impacted by this issue.


Symptoms

A system panic in the tcp_fuse_rcv_drain() TCP/IP function is representative of this issue.


Workaround

To work around the described issue until patches can be installed, disable TCP Fusion by adding the following line to the "/etc/system" file and rebooting the system:

    set ip:do_tcp_fusion = 0x0

Undo the above change to the "/etc/system" file and reboot to re-enable TCP Fusion.

Note: The workaround option above may affect performance.


Resolution

This issue is addressed in the following releases:

SPARC Platform

  • Solaris 10 with patch 118833-23 or later

x86 Platform

  • Solaris 10 with patch 118855-19 or later
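
The following script is an added example, not part of the original Sun Alert. It classifies a host as patched, protected by the workaround, or exposed, using saved `showrev -p` output and a copy of "/etc/system". The function names are hypothetical, and the `Patch: ... Obsoletes: ... Requires: ...` line layout of `showrev -p` is assumed.

```shell
#!/bin/sh
# Added example (not from the advisory): audit a Solaris 10 host for Sun Alert 200878.
# Function names are hypothetical; inputs are saved `showrev -p` output and /etc/system.

# patch_ok BASE MINREV: reads `showrev -p` output on stdin. Succeeds when BASE is
# installed at revision >= MINREV, or an installed patch obsoletes such a revision.
patch_ok() {
    awk -v base="$1" -v min="$2" '
        /^Patch:/ {
            for (i = 2; i <= NF; i++) {
                if ($i == "Requires:") break   # inspect Patch: and Obsoletes: fields only
                id = $i; sub(/,$/, "", id)
                n = split(id, p, "-")
                if (n == 2 && p[1] == base && p[2] + 0 >= min + 0) found = 1
            }
        }
        END { exit (found ? 0 : 1) }'
}

# fusion_disabled FILE: succeeds when FILE has an active do_tcp_fusion assignment
# and every active assignment is zero. Lines starting with * or # are comments.
fusion_disabled() {
    awk '
        /^[ \t]*[*#]/ { next }
        {
            key = "setip:do_tcp_fusion="
            line = $0; gsub(/[ \t]/, "", line)
            if (index(line, key) == 1) {
                seen = 1
                if (substr(line, length(key) + 1) !~ /^(0[xX])?0+$/) nonzero = 1
            }
        }
        END { exit ((seen && !nonzero) ? 0 : 1) }' "$1"
}

# audit ARCH SHOWREV_OUTPUT SYSTEM_FILE: prints patched, workaround or exposed.
# ARCH is the `uname -p` value. An /etc/system edit only takes effect after a reboot.
audit() {
    case "$1" in
        sparc) base=118833 min=23 ;;
        i386)  base=118855 min=19 ;;
        *)     echo "unknown"; return 2 ;;
    esac
    if patch_ok "$base" "$min" < "$2"; then echo "patched"; return 0; fi
    if fusion_disabled "$3"; then echo "workaround"; return 0; fi
    echo "exposed"; return 1
}

# On the host: showrev -p > /tmp/patches.txt; audit "$(uname -p)" /tmp/patches.txt /etc/system
```

A "workaround" verdict reflects the file contents only; the running kernel still has TCP Fusion enabled until the system has been rebooted with that setting in place.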


References

118833-23
118855-19



