Note: This is an archival copy of Security Sun Alert 251006 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1020022.1.
Solaris 10 Operating System
Date of Workaround Release
Date of Resolved Release
A Security Vulnerability in Solaris IPv6 Implementation (ip6(7p)) May Cause a System Panic
An insufficient validation security vulnerability in the Solaris IPv6 implementation (ip6(7p)) may allow a remote privileged user to panic the system using a crafted packet. This is a type of Denial of Service (DoS).
2. Contributing Factors
This issue can occur in the following releases:
1. Solaris 8 and Solaris 9 are not affected by this issue.
2. This issue only affects systems which have at least one IPv6 interface configured and "up".
The ifconfig(1M) command can be used to list all IPv6 interfaces configured and "up" on the system as follows:
$ ifconfig -au6Solaris 10 does not have a default IPv6 interface configured since administrators are required to enable or disable IPv6 at install time.
3. OpenSolaris distributions may include additional bug fixes above and beyond the base build from which it was derived. The base build can be derived as follows:
$ uname -v3. Symptoms
If the described issue occurs, the following panic string and stack trace may be seen:
4. Workaroundipsec_needs_processing_v6ipsec_needs_processing_v6 ()
Malformed packets can be blocked to prevent this issue from occurring using Solaris IP Filter (ipfilter(5)) with the following rule:
block in quick all with short
Please refer to ipf(1M) and ipf(4) for enabling and configuring ipfilter.
If an IPv6 interface is configured but not being used, then disabling the IPv6 interface will also prevent this issue from occurring on the system.
To disable all IPv6 interfaces on a system, following command can be run as root:
# ifconfig -a6 down
This issue is addressed in the following releases:
Copyright 2000-2009 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.
03-Apr-2009: Updated Contributing Factors and Resolution sections, issue Resolved
This solution has no attachment