In association with heise online

25 February 2008, 09:28

Vulnerability in SUN's TCP/IP stack

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Sun Microsystems has issued an advisory describing a vulnerability in the TCP/IP implementation in Solaris. The flaw allows attackers to bypass the security policies set by a firewall or even to cause a kernel panic by sending specially crafted packets to a vulnerable system. The vendor has released no further details about the nature of the problem, but it seems that it is caused by an error in the reassembly of fragmented packets.

According to Sun, the affected versions are Solaris 8, 9 and 10 on SPARC and x86 platforms. Patches have been released to solve the problem. Alternatively, Sun advises disabling packet reassembly by use of the following command:

ndd -set /dev/ip ip_reass_queue_bytes 0

However, fragmented packets will then no longer be processed and forwarded, making some networks unreachable.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit