Sun Alert 267088 Multiple Security Vulnerabilities in Solaris TCP (see tcp(7P)) Implementation May Lead to a Denial of Service (DoS) Condition
By chandan on Jan 18, 2010
Multiple security vulnerabilities exist in the Solaris TCP (seetcp(7P)) implementation due to the lack of resource control mechanisms.These issues may allow a remote privileged user with real IP addressesor subnet to easily cause certain network services on the affectedsystem to become unresponsive, which is a type of Denial of Service(DoS). The extent of the impact depends on the network application.
These issues are also referenced in the following documents:
CERT-FI Advisory on the Outpost24 TCP Issues [FICORA #193744] at https://www.cert.fi/haavoittuvuudet/2008/tcp-vulnerabilities.html
CVE CVE-2008-4609 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4609
US-CERT VU#723308 at http://www.kb.cert.org/vuls/id/723308
Sun acknowledges with thanks, Jack C. Louis and Robert E. Lee ofOutpost24, and CERT-FI for bringing these issues to our attention.