Sun Alert 267088 Multiple Security Vulnerabilities in Solaris TCP (see tcp(7P)) Implementation May Lead to a Denial of Service (DoS) Condition

Product: Solaris 8, Solaris 9, Solaris 10, OpenSolaris

Multiple security vulnerabilities exist in the Solaris TCP (seetcp(7P)) implementation due to the lack of resource control mechanisms.These issues may allow a remote privileged user with real IP addressesor subnet to easily cause certain network services on the affectedsystem to become unresponsive, which is a type of Denial of Service(DoS). The extent of the impact depends on the network application.

These issues are also referenced in the following documents:

CERT-FI Advisory on the Outpost24 TCP Issues [FICORA #193744] at https://www.cert.fi/haavoittuvuudet/2008/tcp-vulnerabilities.html

CVE CVE-2008-4609 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4609

US-CERT VU#723308 at http://www.kb.cert.org/vuls/id/723308

Sun acknowledges with thanks, Jack C. Louis and Robert E. Lee ofOutpost24, and CERT-FI for bringing these issues to our attention.

State: Workaround
First released: 09-Sep-2009
Comments:

Post a Comment:
Comments are closed for this entry.
About

This blog provides security vulnerability fix notifications relevant to third party software components distributed and supported as part of Oracle Products.
Summarized version of this blog is available as a mapping of CVEs and solutions.

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
2
3
4
5
6
7
8
9
10
11
12
13
14
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today