Technical Description

A vulnerability has been identified in Sun Solaris, which could be exploited by local attackers to cause a denial of service or gain elevated privileges. This issue is caused by an integer overflow error in the "ip_set_srcfilter()" [ip_multi.c] function when handling specially crafted SIOCSIPMSFILTER IOCTL requests, which could allow malicious unprivileged users the ability to panic the system or execute arbitrary commands with kernel privileges.

Affected Products

Sun Solaris 10
Sun OpenSolaris builds snv_13 through snv_91

Solution

Sun Solaris 10 (SPARC)- Apply patch 137111-01 or later
Sun OpenSolaris (SPARC) - Upgrade to build snv_92 or later

Sun Solaris 10 (x86) - Apply patch 137112-01 or later
Sun OpenSolaris (x86) - Upgrade to build snv_92 or later

References

http://www.vupen.com/english/advisories/2008/1832
http://sunsolve.sun.com/search/document.do?assetkey=1-66-237965-1
http://www.trapkit.de/advisories/TKADV2008-003.txt

Credits

Vulnerability reported by Tobias Klein.

ChangeLog

2008-06-13 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.