Category
Security
Release Phase
Resolved
Product
Solaris 10 Operating System
Bug Id
6596850
Date of Resolved Release
26-OCT-2007
Impact
A security vulnerability in Solaris 10 SCTP INIT processing (see sctp(7P)) may allow a privileged remote user to panic the system, resulting in a Denial of Service (DoS).
Contributing Factors
This issue can occur in the following releases:
SPARC Platform
- Solaris 10 without patch 127716-01
x86 Platform
- Solaris 10 without patch 127717-01
Note: Solaris 8 and Solaris 9 are not impacted by this issue.
This issue only affects systems with a "SCTP" socket in the "LISTEN" state. To determine if a host has such a socket, the following command may be used:
$ netstat -an -P sctp | grep LISTEN
If the system does not have any "SCTP" sockets in the "LISTEN" state, it is not vulnerable to this issue.
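The patch-level and listener checks described in this alert can be combined into one triage step per host. The script below is an added example, not part of the original Sun Alert; the function names, the `uname -p` values it maps to patch IDs, and the sample inputs are assumptions or constructed data.

```shell
#!/bin/sh
# Added example: triage one Solaris 10 host for Bug Id 6596850.
# Assumptions: `uname -p` prints sparc or i386; function names are hypothetical.
patch_id_for_arch() {
    case "$1" in
        sparc) echo 127716 ;;   # SPARC fix named in the alert
        i386)  echo 127717 ;;   # x86 fix named in the alert
        *)     return 1 ;;
    esac
}

# has_fix BASE_ID: reads `showrev -p` output on stdin and succeeds when
# BASE_ID is installed at revision 01 or later.
has_fix() {
    awk -v id="$1" '
        $1 == "Patch:" {
            split($2, p, "-")
            if (p[1] == id && p[2] + 0 >= 1) found = 1
        }
        END { exit !found }'
}

# Reads `netstat -an -P sctp` output on stdin, prints the LISTEN line count.
count_sctp_listeners() { grep -c LISTEN || true; }

# triage ARCH SHOWREV_TEXT NETSTAT_TEXT -> PATCHED | NOT_EXPOSED | VULNERABLE
triage() {
    id=$(patch_id_for_arch "$1") || { echo UNKNOWN_ARCH; return 0; }
    if printf '%s\n' "$2" | has_fix "$id"; then
        echo PATCHED
    elif [ "$(printf '%s\n' "$3" | count_sctp_listeners)" -eq 0 ]; then
        echo NOT_EXPOSED      # unpatched, but no SCTP socket in LISTEN
    else
        echo VULNERABLE       # unpatched with an SCTP listener
    fi
}

# Constructed sample data (patch 999999 and the socket lines are made up,
# netstat columns simplified).
SAMPLE_SHOWREV='Patch: 999999-03 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWexample'
SAMPLE_NETSTAT='0.0.0.0.9000   0.0.0.0          LISTEN
192.0.2.10.9000 192.0.2.20.40000 ESTABLISHED'

# On a live host: triage "$(uname -p)" "$(showrev -p)" "$(netstat -an -P sctp)"
triage sparc "$SAMPLE_SHOWREV" "$SAMPLE_NETSTAT"
```

A host reported as NOT_EXPOSED is still unpatched and becomes vulnerable as soon as an SCTP listener is started, so it should stay on the patch list.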
Symptoms
Should the described issue occur, the system may panic with a stack trace similar to the following:
...
sctp_lookup_faddr_nosctp
sctp_secure_restart_check
sctp_process_cookie
...
Workaround
There is no workaround. Please see the "Resolution" section below.
Resolution
This issue is addressed in the following releases:
SPARC Platform
- Solaris 10 with patch 127716-01 or later
x86 Platform
- Solaris 10 with patch 127717-01 or later
References
127716-01
127717-01