Vulnerability in SUN's TCP/IP stack
Sun Microsystems has issued an advisory describing a vulnerability in the TCP/IP implementation in Solaris. The flaw allows attackers to bypass the security policies set by a firewall or even to cause a kernel panic by sending specially crafted packets to a vulnerable system. The vendor has released no further details about the nature of the problem, but it seems that it is caused by an error in the reassembly of fragmented packets.
According to Sun, the affected versions are Solaris 8, 9 and 10 on SPARC and x86 platforms. Patches have been released to solve the problem. Alternatively, Sun advises disabling packet reassembly by use of the following command:
ndd -set /dev/ip ip_reass_queue_bytes 0
However, fragmented packets will then no longer be processed and forwarded, making some networks unreachable.
- Security Vulnerability May Allow Firewall Compromise or Creation of Denial of Service (DoS) Condition , Sun advisory