A Security Vulnerability in the TCP Implementation of Solaris 10 Systems May Result in a System Panic Under High TCP/IP Traffic


Category :Security
Release Phase :Resolved
Product :Solaris 10 Operating System  
Bug Id :6404207  
Date of Resolved Release :13-FEB-2007 


Impact

A remote priviledged or unpriviledged user may be able to trigger a race condition in the TCP subsystem which can result in a system panic. The ability to panic a system is a type of Denial of Service (DoS).


Contributing Factors

This issue can occur in the following releases:

SPARC Platform

x86 Platform

  • Solaris 10 without patch 119999-01

Note: Solaris 8 and 9 are not impacted by this issue.


Symptoms

One of the following stack traces are seen:

  ------
  tcp_clean_death+0xb8()
  tcp_rput_data+0x1284()
  squeue_enter_chain+0x90()
  ip_input+0x824()
  putnext+0x218()
  ce_drain_fifo+0x52e4()
  thread_start+4()
  --------

  --------
  tcp_drop_q0+0x120()
  tcp_conn_request+0x108()
  squeue_drain+0x134()
  squeue_enter_chain+0x350()
  ip_input+0x824()
  putnext+0x218()
  ce_drain_fifo+0x52e4()
  thread_start+4()
  ------

Workaround

There is no workaround. Please see the "Resolution" section below.


Resolution

SPARC Platform

x86 Platform

  • Solaris 10 with patch 119999-01 or later





Attachments
This solution has no attachment
 
Sun support customers:
more support information is available after you sign in.
 
»   Login
»   Register
»   Lost UserName/Password
 
Login Required

You must login and have a valid contract to access Sun's Premium content which includes:

  • Sun Alerts
  • Bugs
  • Patches
  • Solutions
  • White Papers
  • Documentation
  • Support Knowledge

Login Required

You must login and have a valid contract to access Sun's contracted features

Access Legend:

(Login to access)   Sun Contracted Content
(Login to access)   Sun Contracted Feature

Please make use of SunSolve Feedback application by selecting the floating [+] to provide feedback about this specific document.

Search
Article Details
Article ID : 200103
Article Type : Sun Alert
Last reviewed : 2007-02-13
Audience : PUBLIC
Keywords :
Provide feedback  (help)
Page Tools
»  Print This Page
»  Email This Article
»  Bookmark This Article
Security Support
»   Security Center
»   Report Security Vulnerabilities
»   Security PGP Key
»   Sun Alert Notifications - RSS Feeds
»   Sun Alert Notifications - eNewsletter
»   Solaris Fingerprint Database
 
SunSolve Navigation
»   Forums for contracted customers
»   Licenses
»   Log a Service Request
»   Patches and Updates
»   Product Download Center
»   SunSystem Handbook
»   SunSolve Japan
SunSolve Feedback, Help and Updates
»   Blog
»   Community
»   Feedback
»   Help
»   Learn about SunSolve
»   Twitter
About Oracle | Oracle and Sun | Oracle RSS Feeds | Subscribe | Careers | Contact Us | Site Maps | Legal Notices | Terms of Use | Your Privacy Rights | Copyright © 2010, Oracle Corporation and/or its affiliates | SunSolve Version 7.4.2 #1