Note: This is an archival copy of Security Sun Alert 264808 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1020787.1.
Article ID : 1020787.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2010-12-05
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security Vulnerability in Solaris Trusted Extensions Involving the Parsing of Labeled Packets May Result in Denial of Service (DoS)



Category
Security

Category
Availability

Release Phase
Resolved

Bug Id
6794914

Product
Solaris 10 Operating System
OpenSolaris

Date of Resolved Release
29-Jul-2009

A remote user may be able to panic systems configured with Solaris Trusted Extensions ... (see below)

1. Impact

A security vulnerability in Solaris Trusted Extensions when parsing labeled packets may allow a
remote privileged user to panic the system, resulting in a Denial of Service (DoS).


2. Contributing Factors

This issue can occur on the following releases:

SPARC platform

  • Solaris 10 Update 3 (11/06) or later without patch 141414-06
  • OpenSolaris based upon builds snv_37 through snv_120

x86 Platform

  • Solaris 10 Update 3 (11/06) or later without patch 141415-06
  • OpenSolaris based upon builds snv_37 through snv_120

Notes: Solaris 8 and 9 are not impacted by this issue.

This issue only impacts systems which have Solaris Trusted Extensions installed and running.
To determine if Trusted Extensions is installed and running on a host, execute the
following command in the global zone:

    $ svcs labeld
    online 16:19:20 svc:/system/labeld:default

If Trusted Extensions is configured and running, the labeld service will have an instance in the online state.
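
The labeld check above can be combined with the Solaris 10 patch revisions listed in this section into a single triage verdict per host. The script below is an added example, not code from Sun or Oracle; the function names and verdict strings are hypothetical, the sample input is constructed, and it assumes `showrev -p` output in its usual "Patch: ID-REV ..." form. It covers Solaris 10 only (OpenSolaris exposure is determined by build number, which is not checked here).

```shell
#!/bin/sh
# Added example, not Sun/Oracle code. Needs a POSIX shell and awk
# (assumption for Solaris 10: /usr/xpg4/bin/sh with /usr/xpg4/bin first in PATH).

# Fix patch base ID from the advisory, keyed by `uname -p` output.
fix_patch_for() {
    case "$1" in
        sparc) echo 141414 ;;
        i386)  echo 141415 ;;
        *)     return 1 ;;
    esac
}

# stdin: `svcs labeld` output. Succeeds if a labeld instance is online.
labeld_online() {
    awk '$1 == "online" && $NF ~ /^svc:\/system\/labeld:/ { found = 1 }
         END { exit !found }'
}

# stdin: `showrev -p` output. Prints the highest installed revision of
# patch base $1, or nothing if that patch is not installed.
highest_rev() {
    awk -v base="$1" 'BEGIN { max = -1 }
        $1 == "Patch:" { split($2, p, "-")
                         if (p[1] == base && p[2] + 0 > max) max = p[2] + 0 }
        END { if (max >= 0) print max }'
}

# assess CPU SVCS_OUTPUT SHOWREV_OUTPUT -> one-word verdict on stdout.
# Limitation: only the fix patch itself is looked for in the installed list.
assess() {
    base=$(fix_patch_for "$1") || { echo UNKNOWN_PLATFORM; return 0; }
    if ! printf '%s\n' "$2" | labeld_online; then
        echo NOT_AFFECTED      # Trusted Extensions is not running
        return 0
    fi
    rev=$(printf '%s\n' "$3" | highest_rev "$base")
    if [ -n "$rev" ] && [ "$rev" -ge 6 ]; then echo PATCHED; else echo VULNERABLE; fi
}

# Constructed sample input (not captured from a real host).
SAMPLE_SVCS='STATE          STIME    FMRI
online         16:19:20 svc:/system/labeld:default'
SAMPLE_SHOWREV='Patch: 100001-02 Obsoletes: Requires: Incompatibles: Packages: SUNWcsu
Patch: 141414-05 Obsoletes: Requires: 100001-02 Incompatibles: Packages: SUNWckr'

assess sparc "$SAMPLE_SVCS" "$SAMPLE_SHOWREV"     # prints VULNERABLE
# Live use in the global zone of the host being checked:
#   assess "$(uname -p)" "$(svcs labeld 2>/dev/null)" "$(showrev -p)"
```

A VULNERABLE verdict means labeld is online and the platform's fix patch is absent or below revision 06; since the advisory lists no workaround, such hosts need the patch.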


3. Symptoms

If this issue occurs, the system may panic with a stack trace similar to the following:

    unix:real_mode_end+72c1 ()
    unix:trap+5e6 ()
    unix:_cmntrap+140 ()
    ip:tsol_get_option+20 ()
    ip:ip_input+45b ()
    dls:i_dls_link_rx+32e ()
    mac:mac_rx+71 ()
    bge:bge_receive+98 ()
    bge:bge_intr+f6 ()


4. Workaround

There is no workaround to this issue. See the 'Resolution' section below.



5. Resolution

This issue is addressed in the following releases:

SPARC Platform

  • Solaris 10 with patch 141414-06 or later
  • OpenSolaris based upon builds snv_121 or later

x86 Platform

  • Solaris 10 with patch 141415-06 or later
  • OpenSolaris based upon builds snv_121 or later

For more information on Security Sun Alerts, see


References

141414-06
141415-06

References

SUNPATCH:141414-06
SUNPATCH:141415-06
