—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Liebe Kolleginnen und Kollegen,

soeben erreichte uns nachfolgendes Sun Security Advisory. Wir geben
diese Informationen unveraendert an Sie weiter.

6797796 – Denial of Service Schwachstelle in Sun Solaris

In der IPv6 Implementierung von Sun Solaris ist eine Schwachstelle
enthalten. Beim Validieren von IPv6 Paketen kann eine Kernel Panic
ausgeloest werden, wenn die Pakete fehlerhaft aufgebaut sind. Ein
Angreifer kann diese Schwachstelle zum Absturz des Systems
ausnutzen (Denial of Service), indem er gezielt manipulierte
Pakete an ein betroffenes System schickt.

Betroffen sind die folgenden Software Pakete und Plattformen:

Solaris 10
OpenSolaris

SPARC Plattform:
* Solaris 10
* OpenSolaris basierend auf den Builds snv_01 bis snv_107

x86 Plattform:
* Solaris 10
* OpenSolaris basierend auf den Builds snv_01 bis snv_107

Vom Hersteller werden ueberarbeitete Pakete zur Verfuegung gestellt.

Hersteller Advisory:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-251006-1

(c) der deutschen Zusammenfassung bei DFN-CERT Services GmbH; die
Verbreitung, auch auszugsweise, ist nur unter Hinweis auf den Urheber,
DFN-CERT Services GmbH, und nur zu nicht kommerziellen Zwecken
gestattet.

Mit freundlichen Gruessen,
Michael Groening, DFN-CERT
– —

Michael Groening (Incident Response Team), +49 40 808077-555

DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-555
Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.: DE 232129737
Sachsenstrasse 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski

Automatische Warnmeldungen https://www.cert.dfn.de/autowarn

Solution Type Sun Alert
Solution 251006 : A Security Vulnerability in Solaris IPv6
Implementation (ip6(7p)) May Cause a System Panic
Related Categories

* Home>Content>Sun Alert Criteria Categories>Security
* Home>Content>Sun Alert Release Phase>Workaround

Bug ID
6797796

Product
Solaris 10 Operating System
OpenSolaris

Date of Workaround Release
27-Jan-2009

SA Document Body
A Security Vulnerability in Solaris IPv6 Implementation (ip6(7p)) May Cause a S
ystem Panic

1. Impact
An insufficient validation security vulnerability in the Solaris IPv6
implementation (ip6(7p)) may allow a remote privileged user to panic
the system using a crafted packet. This is a type of Denial of Service
(DoS).
2. Contributing Factors
This issue can occur in the following releases:
SPARC Platform:
* Solaris 10
* OpenSolaris based upon builds snv_01 through snv_107

x86 Platform:
* Solaris 10
* OpenSolaris based upon builds snv_01 through snv_107

Notes:
1. Solaris 8 and Solaris 9 are not affected by this issue.
2. This issue only affects systems which have at least one IPv6
interface configured and “up”.
The ifconfig(1M) command can be used to list all IPv6 interfaces
configured and “up” on the system as follows:
$ ifconfig -au6

Solaris 10 does not have a default IPv6 interface configured since
administrators are required to enable or disable IPv6 at install time.
3. OpenSolaris distributions may include additional bug fixes above and
beyond the base build from which it was derived. The base build can be
derived as follows:
$ uname -v
snv_86

3. Symptoms
If the described issue occurs, the following panic string and stack
trace may be seen:

ipsec_needs_processing_v6
ipsec_needs_processing_v6 ()
ipsec_early_ah_v6 ()
ip_rput_data_v6 ()
ip_rput_v6 ()
putnext ()
dld_str_rx_fastpath ()
i_dls_link_rx ()
…

4. Workaround
Malformed packets can be blocked to prevent this issue from occurring
using Solaris IP Filter (ipfilter(5)) with the following rule:
block in quick all with short
Please refer to ipf(1M) and ipf(4) for enabling and configuring
ipfilter.
If an IPv6 interface is configured but not being used, then disabling
the IPv6 interface will also prevent this issue from occurring on the
system.
To disable all IPv6 interfaces on a system, following command can be
run as root:
# ifconfig -a6 down

The following Interim Security Relief (ISRs) are available from
http://www.sunsolve.sun.com/tpatches
SPARC Platform
* Solaris 10 IDR140811-01

x86 Platform
* Solaris 10 IDR140812-01

Note: This document refers to one or more Interim Security Relief
(ISRs) which are designed to address the concerns identified herein.
Sun has limited experience with these (ISRs) due to their interim
nature. As such, you should only install the ISRs on systems meeting
the configurations described above. Sun may release full patches at a
later date, however, Sun is under no obligation whatsoever to create,
release, or distribute any such patch.
5. Resolution
This issue is addressed in the following releases:
SPARC Platform
* OpenSolaris based upon builds snv_108 or later

x86 Platform:
* OpenSolaris based upon builds snv_108 or later

A final resolution is pending completion for Solaris 10.
For more information on Security Sun Alerts, see Technical Instruction
ID 213557.
This Sun Alert notification is being provided to you on an “AS IS”
basis. This Sun Alert notification may contain information provided by
third parties. The issues described in this Sun Alert notification may
or may not impact your system(s). Sun makes no representations,
warranties, or guarantees as to the information contained herein. ANY
AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION
WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR
NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT YOU
ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE OUT
OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN. This
Sun Alert notification contains Sun proprietary and confidential
information. It is being provided to you pursuant to the provisions of
your agreement to purchase services from Sun, or, if you do not have
such an agreement, the Sun.com Terms of Use. This Sun Alert
notification may only be used for the purposes contemplated by these
agreements.
Copyright 2000-2009 Sun Microsystems, Inc., 4150 Network Circle, Santa
Clara, CA 95054 U.S.A. All rights reserved.
Attachments
This solution has no attachment

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFJhwtDk0kIxZMiiQ8RAmg2AJ9tQU+0v1F4KlINSAgzZQpPJ9fVAQCbBVoK
Aoe/tU+xSYWwQYhW0LZTseo=
=WGLI
—–END PGP SIGNATURE—–