A remote privileged user may be able to attempt an IKE exchange using a malformed payload, which could cause the in.iked(1M) process to crash, causing a Denial of Service (DoS) of IPSec key management services.

This issue is revealed by the test suite which is described in NISCC vulnerability #273756, which is available at http://www.uniras.gov.uk/niscc/docs/br-20051114-01013.html?lang=en

This issue can occur in the following releases:

SPARC Platform

• Solaris 9 without patch 113451-10
• Solaris 10 without patch 118371-06

x86 Platform

• Solaris 9 without patch 114435-09
• Solaris 10 without patch 118372-06

Notes:

1. Solaris 8 is not affected by this issue.
2. The described issue only affects systems running the IKE (Internet Key Exchange) daemon in.iked(1M).

To determine if the in.iked(1M) is running on a system, the following command can be run:

    # pgrep -l in.iked
    368 in.iked

If this issue has been exploited, the IKE daemon would no longer be running. To determine that the IKE (in.iked(1M)) daemon is NOT running on a system, the following command can be run:

    $ pgrep in.iked || echo "in.iked not running"

There is no workaround. Please see the "Resolution" section below.

This issue is addressed in the following releases:

SPARC Platform

• Solaris 9 with patch 113451-10 or later
• Solaris 10 with patch 118371-06 or later

x86 Platform

• Solaris 9 with patch 114435-09 or later
• Solaris 10 with patch 118372-06 or later

• State: Resolved
• Updated Contributing Factors, Relief/Workaround, and Resolution sections

This solution has no attachment