Sun Solaris netstat and ifconfig race condition denial of service
| solaris-netstatifconfig-race-condition-dos (28373) |  Low Risk |
Description:
Sun Solaris is vulnerable to a denial of service attack, caused by a race condition in netstat and ifconfig. A local attacker could exploit this vulnerability to cause a system panic.
Platforms Affected:
- Sun, Solaris 10 x86
- Sun, Solaris 10 SPARC
Remedy:
Refer to Sun Alert ID: 102569 for patch, upgrade, or suggested workaround information. See References.
Consequences:
Denial of Service
References:
- Sun Alert ID: 102569, On Solaris 10 a System Panic may Result due to a Race Condition Between netstat(1M) (or snmp queries) and ifconfig(1M) at http://sunsolve.sun.com/search/document.do?assetkey=1-26-102569-1.
- BID-19493: Sun Solaris Netstat and Ifconfig Local Denial of Service Vulnerability
- CVE-2006-4139: Race condition in Sun Solaris 10 allows attackers to cause a denial of service (system panic) via unspecified vectors related to ifconfig and either netstat or SNMP queries.
- SA21471: Sun Solaris netstat/SNMP queries and ifconfig Race Condition
- SECTRACK ID: 1016690: Solaris netstat/ifconfig Race Condition May Let Local Users Deny Service
- VUPEN/ADV-2006-3274: Sun Solaris Netstat and SNMP Queries Race Condition Local Denial of Service Vulnerability
Reported:
Aug 11, 2006
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net