Security Vulnerability in IPv6 Implementation (ip6(7p)) Related to the Handling of IPsec Packets may Lead to a System Panic, Resulting in a Denial of Service (DoS)

Category: Security
Release Phase: Resolved
Product: Solaris 10 Operating System
Bug Id: 6553350
Date of Resolved Release: 14-JUN-2007
Impact
An unprivileged local or remote user may be able to panic a Solaris 10 system which is configured to use IPv6 (ip6(7p)) but is not configured to use the IPsec stack (ipsec(7P)), therefore causing a Denial of Service to the system as a whole.
Contributing Factors
This issue can occur in the following releases:
SPARC Platform
x86 Platform
Note 1: Solaris 8 and Solaris 9 are not affected by this issue.
Note 2: This issue only affects systems which have IPv6 interfaces but which are not configured to use the IPsec stack.
The following command can be run to determine and list all IPv6 interfaces configured on the host:
$ ifconfig -a6
Solaris 10 does not have a default IPv6 setting since administrators are required to enable or disable IPv6 interfaces at install time.
The following command can be used to determine if the IPsec stack has been loaded on a system:
$ modinfo | grep ipsec
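The two checks above combined into a single verdict, as an added example that is not part of the original advisory. The function names, verdict strings and sample outputs are constructed for illustration; it tests only the configuration described in Note 2, not patch level.

```shell
#!/bin/sh
# Added example: does this host match the configuration in Note 2
# (IPv6 interfaces present, IPsec stack not loaded)? Patch level is NOT checked.
# Backticks and plain grep/sed are used so the legacy Solaris 10 /bin/sh can run it.

# Print interface names from `ifconfig -a6` output on stdin.
# Header lines start in column 1, e.g. "e1000g0: flags=...".
ipv6_interfaces() {
    sed -n 's/^\([A-Za-z][^ ]*\): flags=.*/\1/p'
}

# Succeed if `modinfo` output on stdin lists an IPsec module
# (same match as the advisory's `modinfo | grep ipsec`).
ipsec_loaded() {
    grep ipsec >/dev/null
}

# classify IFCONFIG_TEXT MODINFO_TEXT -> prints one verdict word.
classify() {
    ifaces=`printf '%s\n' "$1" | ipv6_interfaces`
    if [ -z "$ifaces" ]; then
        echo "no-ipv6-interfaces"
    elif printf '%s\n' "$2" | ipsec_loaded; then
        echo "ipsec-loaded"
    else
        echo "affected-config"
    fi
}

# Constructed sample outputs (not captured from a real host).
SAMPLE_IFCONFIG='lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
        inet6 ::1/128
e1000g0: flags=2000841<UP,RUNNING,MULTICAST,IPv6> mtu 1500 index 2
        inet6 fe80::203:baff:fe00:1/10'
SAMPLE_MODINFO_PLAIN=' Id Loadaddr   Size Info Rev Module Name
 10 7b600000   1000   -   1  ip6 (constructed sample entry)'
SAMPLE_MODINFO_IPSEC="$SAMPLE_MODINFO_PLAIN
 90 7b700000   2000   -   1  ipsecah (constructed sample entry)"

if [ "${1:-}" = "--live" ]; then
    # Run against the local host instead of the samples.
    ifc=`ifconfig -a6 2>/dev/null`
    mods=`modinfo 2>/dev/null`
    classify "$ifc" "$mods"
else
    classify "$SAMPLE_IFCONFIG" "$SAMPLE_MODINFO_PLAIN"   # affected-config
    classify "$SAMPLE_IFCONFIG" "$SAMPLE_MODINFO_IPSEC"   # ipsec-loaded
fi
```

Run it with `--live` on the host being assessed; a verdict of `affected-config` means the host matches Note 2.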
Symptoms
If the described issue occurs, the system will panic with a stack trace similar to the following:
ip_rput_data_v6+0x28cc(600106ee2a0, 600132c98a8, 60013279140, 428, 600132c98a8, 0)
ip_rput_v6+0x64c(600106ee2a0, 60013279180, 0, 132a84bc, 600132c98a8, 300000d1d80)
putnext+0x208(600106ee490, 600106ee2a0, 60013279180, 100, 1814c00, 0)
dld_str_rx_fastpath+0x90(6001102ddc8, 600132a8094, 60013279180, 0, 0, 0)
i_dls_link_rx+0x2d0(600132cde38, 0, 60013279180, 131273c, 0, 86dd000)
mac_rx+0x44(0, 0, 60013279180, 1314c48, 60010598120, 600132cbf10)
e1000g_intr+0xb0(80, 6001138c000, 6001138c230, 60013279180, 6001138c238, b)
pci_intr_wrapper+0xac(600107aa370, 300003dd8e8, 7bafa2ac, 6001138c000, 60011006560, 0)
intr_thread+0x168(183f8a0, 1055b40, 1813800, 180c000, 3852e9, 60010615f80)
idle+0x38(181281c, 1, 180c000, 1837fc0, 1, 1812800)
thread_start+4(0, 0, 0, 0, 0, 0)
Workaround
Until patches can be applied, sites may wish to work around this issue by loading the IPsec stack. This can be done by the root user via the following commands:
# touch /etc/inet/ipsecinit.conf
# ipsecconf -qa /etc/inet/ipsecinit.conf
Note 1: This does NOT enable encryption using IPsec, but it works around the issue by simply having the IPsec functionality loaded onto the TCP/IP stack.
Note 2: The workaround is persistent across reboot.
Resolution
This issue is addressed in the following releases:
SPARC Platform:
x86 Platform: