SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  OS (UNIX)  >  TCP/IP Stack Implementation Vendors:  Sun
Sun Solaris TCP/IP Stack NULL Pointer Bug in ip_sioctl_copyin_done() Lets Local Users Panic the System
SecurityTracker Alert ID:  1009946
CVE Reference:  GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Apr 26 2004
Impact:  Denial of service via local system
Fix Available:  Yes   Vendor Confirmed:  Yes  
Version(s): Solaris 8, 9
Description:  A vulnerability was reported in the Sun Solaris TCP/IP stack implementation. A local user can cause a system panic.

Sun reported that a local user can invoke the ip_sioctl_copyin_done() function to cause a NULL queue pointer to be passed to the putnext() function, resulting in a panic.

Solaris 8 and 9 are affected. Solaris 7 is not affected.
Impact:  A local user can cause a system panic.
Solution:  Sun has issued the following fixes:

SPARC Platform

Solaris 8 with patch 116895-01 or patch 117000-03 or later
Solaris 9 with patch 112233-12 or later

x86 Platform

Solaris 8 with patch 116896-01 or patch 117001-03 or later
Solaris 9 with patch 112234-12 or later

Sun notes that Patch 116895-01 has been accumulated and obsoleted by patch 117000-03 and patch 116896-01 has been accumulated and obsoleted by patch 117001-03.
Vendor URL:  sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57545 (Links to External Site)
Cause:  Boundary error
Underlying OS:  UNIX (Solaris - SunOS)

Message History:   None.

 Source Message Contents
Date:  Mon, 26 Apr 2004 09:26:16 -0400
Subject:  http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57545

 

http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57545

57545   A Security Vulnerability With the Solaris TCP/IP Networking Stack May Allow an 
Unpriviledged User to Cause a Denial of Service   23 Apr 2004

Sun reported that a local user may be able to cause a system panic due to an unspecified 
flaw in the Solaris TCP/IP networking stack.  A local user can reportedly invoke the 
ip_sioctl_copyin_done() function to cause a NULL queue pointer to be passed to the 
putnext() function, resulting in a panic.

Solaris 8 and 9 are affected.  Solaris 7 is not affected.

Sun has issued the following fixes:

SPARC Platform

Solaris 8 with patch 116895-01 or patch 117000-03 or later
Solaris 9 with patch 112233-12 or later

x86 Platform

Solaris 8 with patch 116896-01 or patch 117001-03 or later
Solaris 9 with patch 112234-12 or later

Sun notes that Patch 116895-01 has been accumulated and obsoleted by patch 117000-03 and 
patch 116896-01 has been accumulated and obsoleted by patch 117001-03.

-----

Sun Alert ID: 57545
Synopsis: A Security Vulnerability With the Solaris TCP/IP Networking Stack May Allow an 
Unprivileged User to Cause a Denial of Service
Category: Security
Product: Solaris
BugIDs: 4935283
Avoidance: Patch
State: Resolved
Date Released: 23-Apr-2004
Date Closed: 23-Apr-2004
Date Modified:


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2004, SecurityGlobal.net LLC