Sun Solaris IP routing table security bypass
| solaris-ip-route-bypass (27935) |  Low Risk |
Description:
Sun Solaris could allow a local attacker to bypass routing table restrictions, caused by an unspecified vulnerability in Sun's Internet Protocol (IP) Implementation. An attacker could use this vulnerability to bypass firewall restrictions and connect to remote hosts that would normally be unreachable.
Platforms Affected:
- Sun, Solaris 10 x86
- Sun, Solaris 10 SPARC
Remedy:
Refer to Sun Alert ID: 102509 for patch, upgrade, or suggested workaround information. See References.
Consequences:
Bypass Security
References:
- Sun Alert ID: 102509, Security Vulnerability in Sun's Internet Protocol (IP) Implementation May Allow Local Users to Bypass the Routing Table at http://sunsolve.sun.com/search/document.do?assetkey=1-26-102509-1.
- BID-19108: Sun Internet Protocol Implementation Routing Table Bypass Vulnerability
- CVE-2006-3825: The IPv4 implementation in Sun Solaris 10 before 20060721 allows local users to select routes that differ from the routing table, possibly facilitating firewall bypass or unauthorized network communication.
- SA21163: Sun Solaris IP Implementation Routing Table Bypass
- VUPEN/ADV-2006-2937: Sun Solaris Internet Protocol Implementation Routing Table Security Bypass Vulnerability
Reported:
Jul 21, 2006
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net