Possible Denial of Service vulnerability in Solaris

Sun has discovered vulnerabilities in Solaris 10 for the SPARC and x86 platforms that enable attackers to paralyse targeted systems. Patches are available to rectify the problem.

Advertisement

The security advisory warns that local users or remote attackers can use crafted packets in the Stream Control Transmission Protocol (SCTP) to trigger a system panic and denial of service (DoS). Attackers can also flood a network with SCTP packages, loading the computer so that it no longer responds. Sun gives no details of these vulnerabilities, but says both the SPARC and x86 implementations of Solaris 10 are affected. Solaris 8 and 9, on the other hand, are said to be unaffected. Sun has provided patches to rectify the problem: 127127-08 for the SPARC platform and 127128-08 for the x86 architecture. Administrators should swiftly download and apply the relevant patch.

See also:

• A Security Vulnerability in Solaris 10 Involving the SCTP Protocol May Result in a Panic and Denial of Service (DoS), security advisory from Sun
• A Security Vulnerability in Solaris 10 Involving the SCTP Protocol May Result in a Denial of Network Services Due to Network Flooding, vulnerability report from Sun

(ju)