IPv6 Vulnerability in Solaris 10 and OpenSolaris

2009-01-29T10:45:10+00:00

Just a quick heads up - Sun has issued a Security Alert about a vulnerability in IPv6 in Solaris 10 and OpenSolaris builds 101 - 107:

SunAlert: 251006
Title: A Security Vulnerability in Solaris IPv6 Implementation (ip6(7p)) May Cause a System Panic

An insufficient validation security vulnerability in the Solaris IPv6 implementation (ip6(7p)) may allow a remote privileged user to panic the system using a crafted packet. This is a type of Denial of Service (DoS).

An IDR/ISR is available for this issue and is linked to in the SunAlert.

If you're in an environment that needs approval before applying any patches, or one that can't use test patches in production, the SunAlert also details two workarounds:

  • Disable IPv6: # ifconfig -a6 down
  • IPFilter Rule: block in quick all with short

As this is a publicly available document and vulnerability, it is highly recommended that you apply the IDR/ISR or one of the workarounds ASAP.

If you're not using IPv6 at all, then you have nothing to worry about.
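
The following script is an added example, not part of the SunAlert or the original post: it reads `ifconfig -a6` output and an IPFilter rule set and reports which of the two workarounds above, if any, is in place. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: check whether either SunAlert 251006 workaround is in place.
# Both helper functions read text on stdin, so they can be exercised offline.

# List IPv6 interfaces still marked UP in `ifconfig -a6` output.
ipv6_up_ifaces() {
    awk '$2 ~ /^flags=/ {
        name = $1; sub(/:$/, "", name)          # "e1000g0:" -> "e1000g0"
        flags = $2
        sub(/^[^<]*</, "", flags); sub(/>.*$/, "", flags)
        n = split(flags, f, ",")
        for (i = 1; i <= n; i++) if (f[i] == "UP") { print name; break }
    }'
}

# Succeed if an IPFilter rule set contains the workaround rule.
# Comments and extra whitespace are ignored.
has_short_rule() {
    sed 's/#.*//' | tr '\t' ' ' | tr -s ' ' |
        grep -Eq '^ ?block in quick all with short ?$'
}

# Constructed sample input (not captured from a real host).
SAMPLE_IFCONFIG='lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
        inet6 ::1/128
e1000g0: flags=2000840<RUNNING,MULTICAST,IPv6> mtu 1500 index 2
        inet6 fe80::214:4fff:fe00:1/10'
SAMPLE_RULES='# constructed rule set
pass in quick on lo0 all
block  in quick all   with short   # SunAlert workaround'

# Report which workaround, if any, the supplied data shows.
workaround_status() {   # $1 = ifconfig -a6 output, $2 = ipf rules
    up=$(printf '%s\n' "$1" | ipv6_up_ifaces | tr '\n' ' ')
    if [ -z "$up" ]; then echo "ipv6-down"
    elif printf '%s\n' "$2" | has_short_rule; then echo "ipf-rule"
    else echo "none: up=${up% }"
    fi
}

workaround_status "$SAMPLE_IFCONFIG" "$SAMPLE_RULES"
```

On a live host, pipe `ifconfig -a6` into `ipv6_up_ifaces` and feed `has_short_rule` the rule file you load into IPFilter.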

