Note: This is an archival copy of Security Sun Alert 200958 as previously published on http://sunsolve.sun.com.
The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000727.1.
Article ID : 1000727.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2004-01-27
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security Vulnerability in ASN.1 May Affect Solaris Internet Key Exchange (IKE)



Category
Security

Release Phase
Resolved

Product
Solaris 9 Operating System

Bug Id
4930399

Date of Workaround Release
13-JAN-2004

Date of Resolved Release
28-JAN-2004

Impact

The Internet Key Exchange (IKE) implementation in Solaris 9 uses ASN.1 code from SSH Inc. Under certain rare conditions, it may be possible for a local or remote unprivileged user to kill the in.iked(1M) daemon, resulting in a Denial of Service (DoS), or to gain unauthorized root access due to a buffer overflow in the in.iked(1M) daemon.

The issue with ASN.1 is described in CERT Vulnerability VU#104280 (see http://www.kb.cert.org/vuls/id/104280) which is referenced in CERT Advisory CA-2003-26 (see http://www.cert.org/advisories/CA-2003-26.html) and NISCC Vulnerability Advisory 006489/TLS (see http://www.uniras.gov.uk/vuls/2003/006489/tls.htm).


Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Solaris 9 without patch 113451-05

x86 Platform

  • Solaris 9 without patch 114435-03

Note: Solaris 7 and 8 are not affected by this issue.


Symptoms

There are no predictable symptoms that would indicate the described issues have been exploited.


Workaround

There is no workaround. Please see the Resolution section below.


Resolution

This issue is addressed in the following releases:

SPARC Platform

  • Solaris 9 with patch 113451-05 or later

x86 Platform

  • Solaris 9 with patch 114435-03 or later
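
The patch-level check implied by the Resolution section, as an added example that is not part of the original Sun Alert: it reads `showrev -p` output and reports whether the installed revision of 113451 (SPARC) or 114435 (x86) meets the fixed level. The function name, the `AWK` override, the sample input and the `Patch: <id>-<rev> ...` line format are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the Sun Alert.
# Reads `showrev -p` output on stdin; $1 is the processor type from `uname -p`.
# Exit status: 0 = fix installed, 1 = fix missing, 2 = unknown platform.
# Limitation: only revisions of the listed patch ID are matched; a different
# patch ID that obsoletes it is not followed.
ike_asn1_fix_status() {
    case "$1" in
        sparc) base=113451 min=5 ;;   # Resolution: 113451-05 or later
        i386)  base=114435 min=3 ;;   # Resolution: 114435-03 or later
        *)     echo "unknown platform: $1"; return 2 ;;
    esac
    # AWK is overridable: on Solaris 9 use nawk, the stock awk predates -v.
    ${AWK:-awk} -v base="$base" -v min="$min" '
        BEGIN { best = 0 }
        # Assumed line format: "Patch: <id>-<rev> Obsoletes: ... Packages: ..."
        $1 == "Patch:" {
            n = split($2, id, "-")
            if (n == 2 && id[1] + 0 == base + 0 && id[2] + 0 > best) {
                best = id[2] + 0      # keep the highest installed revision
            }
        }
        END {
            if (best >= min + 0) {
                printf "fixed: %d-%02d installed\n", base, best
                exit 0
            }
            if (best > 0) {
                printf "vulnerable: %d-%02d predates -%02d\n", base, best, min
            } else {
                printf "vulnerable: patch %d not installed\n", base
            }
            exit 1
        }'
}

# Constructed sample input, not captured from a real host; 999999-01 and the
# package names are placeholders.
sample='Patch: 999999-01 Obsoletes:  Requires:  Incompatibles:  Packages: EXAMPLEa
Patch: 113451-04 Obsoletes:  Requires:  Incompatibles:  Packages: EXAMPLEb'
printf '%s\n' "$sample" | ike_asn1_fix_status sparc || true
# Live use on a Solaris 9 SPARC host: showrev -p | ike_asn1_fix_status sparc
```
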


Modification History
Date: 20-JAN-2004
  • Update Contributing Factors and Resolution sections for x86 Resolution patch

Date: 22-JAN-2004
  • Update Contributing Factors and Resolution sections for Solaris 9 Resolution patch

Date: 28-JAN-2004
  • SunSolve patch issue corrected - re-releasing as Resolved.


References

114435-03
113451-05



