Note: This is an archival copy of Security Sun Alert 201097 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000818.1.
Article ID : 1000818.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2006-10-05
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Vulnerability With Solaris IPv6 May Allow a Remote User the Ability to Create a Denial of Service Condition

Category
Security

Release Phase
Resolved

Product
Solaris 9 Operating System
Solaris 10 Operating System
Solaris 8 Operating System

Bug Id
6241739

Date of Resolved Release
28-SEP-2006

Impact

On Solaris 8, 9 and 10 systems utilizing an IPv6 address, a remote unprivileged user may be able to panic the system, causing a Denial of Service (DoS) condition.


Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Solaris 8 without patch 116965-22
  • Solaris 9 without patch 114344-20
  • Solaris 10 without patch 119075-13

x86 Platform

  • Solaris 8 without patch 116966-21
  • Solaris 9 without patch 119435-10
  • Solaris 10 without patch 119076-11

Solaris systems are only impacted by this issue if they have an IPv6 address configured. If an IPv6 address is configured, the ifconfig(1M) command will show an output line which contains the word "IPv6" as in the following example:

    # /usr/sbin/ifconfig -a | /usr/bin/grep IPv6
    eri0: flags=2000840<RUNNING,MULTICAST,IPv6> mtu 1500 index 2

Symptoms

The system may panic with a stack trace similar to the following:

    ...
 msgdsize+0x54()
 ip_rput_frag_v6+0x9d4()
 ip_rput_data_v6+0x1254()
 putnext+0x450()
 ...

Workaround

There is no workaround if the system under consideration is using the IPv6 address for network communications. If an IPv6 address is enabled but not being used, then disabling the IPv6 address will prevent this issue from occurring on the system.

To disable the IPv6 address, use the ifconfig(1M) command. For example, If "eri0" is the network interface, then the following command will disable the IPv6 address:

    # /usr/sbin/ifconfig eri0 inet6 unplumb

Resolution

This issue is addressed in the following releases:

SPARC Platform

  • Solaris 8 with patch 116965-22 or later
  • Solaris 9 with patch 114344-20 or later
  • Solaris 10 with patch 119075-13 or later

x86 Platform

  • Solaris 8 with patch 116966-21 or later
  • Solaris 9 with patch 119435-10 or later
  • Solaris 10 with patch 119076-11 or later


References

119076-11
119075-13
116965-22
119435-10
114344-20
116966-21




Attachments
This solution has no attachment