On Solaris 8, 9 and 10 systems utilizing an IPv6 address, a remote unprivileged user may be able to panic the system, causing a Denial of Service (DoS) condition.

This issue can occur in the following releases:

SPARC Platform

• Solaris 8 without patch 116965-22
• Solaris 9 without patch 114344-20
• Solaris 10 without patch 119075-13

x86 Platform

• Solaris 8 without patch 116966-21
• Solaris 9 without patch 119435-10
• Solaris 10 without patch 119076-11

Solaris systems are only impacted by this issue if they have an IPv6 address configured. If an IPv6 address is configured, the ifconfig(1M) command will show an output line which contains the word "IPv6" as in the following example:

    # /usr/sbin/ifconfig -a | /usr/bin/grep IPv6
    eri0: flags=2000840<RUNNING,MULTICAST,IPv6> mtu 1500 index 2

The system may panic with a stack trace similar to the following:

    ...
    msgdsize+0x54()
    ip_rput_frag_v6+0x9d4()
    ip_rput_data_v6+0x1254()
    putnext+0x450()
    ...

There is no workaround if the system under consideration is using the IPv6 address for network communications. If an IPv6 address is enabled but not being used, then disabling the IPv6 address will prevent this issue from occurring on the system.

To disable the IPv6 address, use the ifconfig(1M) command. For example, If "eri0" is the network interface, then the following command will disable the IPv6 address:

    # /usr/sbin/ifconfig eri0 inet6 unplumb

This issue is addressed in the following releases:

SPARC Platform

• Solaris 8 with patch 116965-22 or later
• Solaris 9 with patch 114344-20 or later
• Solaris 10 with patch 119075-13 or later

x86 Platform

• Solaris 8 with patch 116966-21 or later
• Solaris 9 with patch 119435-10 or later
• Solaris 10 with patch 119076-11 or later

This solution has no attachment