—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Liebe Kolleginnen und Kollegen,

soeben erreichte uns nachfolgendes Sun Security Advisory. Wir geben
diese Informationen unveraendert an Sie weiter.

Bitte beachten Sie, dass dies ein Update des Advisories ist, das die
folgenden Aenderungen betrifft:

Mit diesem Update stellt Sun Patches fuer Solaris 10 zur Verfuegung

6797796 – Denial of Service Schwachstelle in Sun Solaris

In der IPv6 Implementierung von Sun Solaris ist eine Schwachstelle
enthalten. Beim Validieren von IPv6 Paketen kann eine Kernel Panic
ausgeloest werden, wenn die Pakete fehlerhaft aufgebaut sind. Ein
Angreifer kann diese Schwachstelle zum Absturz des Systems ausnutzen
(Denial of Service), indem er gezielt manipulierte Pakete an ein
betroffenes System schickt.

Betroffen sind die folgenden Software Pakete und Plattformen:

SPARC Plattform:
* Solaris 10 ohne Patch 138888-08
* OpenSolaris basierend auf den Builds snv_01 bis snv_107

x86 Plattform:
* Solaris 10 ohne Patch 138889-08
* OpenSolaris basierend auf den Builds snv_01 bis snv_107

Vom Hersteller werden ueberarbeitete Pakete zur Verfuegung gestellt.

Hersteller Advisory:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-251006-1

(c) der deutschen Zusammenfassung bei DFN-CERT Services GmbH; die
Verbreitung, auch auszugsweise, ist nur unter Hinweis auf den Urheber,
DFN-CERT Services GmbH, und nur zu nicht kommerziellen Zwecken
gestattet.

Mit freundlichen Gruessen,
Jan Kohlrausch (CSIRT), Phone +49 40 808077-555

DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-555
Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.: DE 232129737
Sachsenstrasse 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski

CarmentiS – Early Warning Expertise
https://www.carmentis.org

Solution Type Sun Alert
Solution 251006 : A Security Vulnerability in Solaris IPv6
Implementation (ip6(7p)) May Cause a System Panic
Related Categories

* Home>Content>Sun Alert Criteria Categories>Security
* Home>Content>Sun Alert Release Phase>Resolved

Bug ID
6797796

Product
Solaris 10 Operating System
OpenSolaris

Date of Workaround Release
27-Jan-2009

Date of Resolved Release
03-Apr-2009

SA Document Body
A Security Vulnerability in Solaris IPv6 Implementation (ip6(7p)) May Cause a S
ystem Panic

1. Impact
An insufficient validation security vulnerability in the Solaris IPv6
implementation (ip6(7p)) may allow a remote privileged user to panic
the system using a crafted packet. This is a type of Denial of Service
(DoS).
2. Contributing Factors
This issue can occur in the following releases:
SPARC Platform:
* Solaris 10 without patch 138888-08
* OpenSolaris based upon builds snv_01 through snv_107

x86 Platform:
* Solaris 10 without patch 138889-08
* OpenSolaris based upon builds snv_01 through snv_107

Notes:
1. Solaris 8 and Solaris 9 are not affected by this issue.
2. This issue only affects systems which have at least one IPv6
interface configured and “up”.
The ifconfig(1M) command can be used to list all IPv6 interfaces
configured and “up” on the system as follows:
$ ifconfig -au6

Solaris 10 does not have a default IPv6 interface configured since
administrators are required to enable or disable IPv6 at install time.
3. OpenSolaris distributions may include additional bug fixes above and
beyond the base build from which it was derived. The base build can be
derived as follows:
$ uname -v
snv_86

3. Symptoms
If the described issue occurs, the following panic string and stack
trace may be seen:

ipsec_needs_processing_v6
ipsec_needs_processing_v6 ()
ipsec_early_ah_v6 ()
ip_rput_data_v6 ()
ip_rput_v6 ()
putnext ()
dld_str_rx_fastpath ()
i_dls_link_rx ()
…

4. Workaround
Malformed packets can be blocked to prevent this issue from occurring
using Solaris IP Filter (ipfilter(5)) with the following rule:
block in quick all with short
Please refer to ipf(1M) and ipf(4) for enabling and configuring
ipfilter.
If an IPv6 interface is configured but not being used, then disabling
the IPv6 interface will also prevent this issue from occurring on the
system.
To disable all IPv6 interfaces on a system, following command can be
run as root:
# ifconfig -a6 down

5. Resolution
This issue is addressed in the following releases:
SPARC Platform
* Solaris 10 with patch 138888-08 or later
* OpenSolaris based upon builds snv_108 or later

x86 Platform:
* Solaris 10 with patch 138889-08 or later
* OpenSolaris based upon builds snv_108 or later

For more information on Security Sun Alerts, see Technical Instruction
ID 213557.
This Sun Alert notification is being provided to you on an “AS IS”
basis. This Sun Alert notification may contain information provided by
third parties. The issues described in this Sun Alert notification may
or may not impact your system(s). Sun makes no representations,
warranties, or guarantees as to the information contained herein. ANY
AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION
WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR
NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT YOU
ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE OUT
OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN. This
Sun Alert notification contains Sun proprietary and confidential
information. It is being provided to you pursuant to the provisions of
your agreement to purchase services from Sun, or, if you do not have
such an agreement, the Sun.com Terms of Use. This Sun Alert
notification may only be used for the purposes contemplated by these
agreements.
Copyright 2000-2009 Sun Microsystems, Inc., 4150 Network Circle, Santa
Clara, CA 95054 U.S.A. All rights reserved.
Modification History
03-Apr-2009: Updated Contributing Factors and Resolution sections, issue Resolv
ed

Attachments
This solution has no attachment

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFJ2x1Vk0kIxZMiiQ8RAslTAJ4mVn6GFG7slGOfQu6nZnQ1Dgp6IQCeKOC5
Bw0AE2Us8C6pkFza2EVdY8g=
=DFde
—–END PGP SIGNATURE—–