A security vulnerability in the Solaris 8 and 9 IP implementation may allow a remote unprivileged user to degrade the performance of a networked Solaris system by sending specially crafted IP packets. This could result in a mild Denial of Service (DoS) against network services provided by the system and/or local services, due to increased CPU usage.

This issue can occur in the following releases:

SPARC Platform

• Solaris 8 without patch 116965-29
• Solaris 9 without patch 114344-29

x86 Platform

• Solaris 8 without patch 116966-29
• Solaris 9 without patch 119435-18

Note: Solaris 10 is not affected by this issue.

Solaris 8 and 9 systems may see high numbers of duplicate IP fragments and/or high number of reassembly failures of IP fragments. For example, running the command:

    % /usr/bin/netstat -s | /usr/bin/egrep 'ReasmDuplicates|ReasmFails'

may show high value for counters ip[v6]ReasmDuplicates and ip[v6]ReasmFails.

Further, Solaris 8 and 9 systems with a single processor may see a noticeable increase in CPU usage. For example the vmstat(1M) 'sy' column may show a high percentage of CPU time being spent in kernel.

There is no workaround for this issue. Please see the Resolution section below.

This issue is addressed in the following releases:

SPARC Platform

• Solaris 8 with patch 116965-29 or later
• Solaris 9 with patch 114344-29 or later

x86 Platform

• Solaris 8 with patch 116966-29 or later
• Solaris 9 with patch 119435-18 or later

Note: Patches previously listed here for resolution to this issue (116965-26, 114344-25, 116966-25, 119435-15) have been withdrawn and are no longer available on SunSolve. Please see Sun Alert 103023 for more details.

• Updated Contributing Factors and Resolution sections
• Status reset to "Preliminary"

• Updated Contributing Factors and Resolution sections

• Updated Contributing Factors and Resolution sections
• State: Resolved

This solution has no attachment