[security-alerts] FW: [SA17554] Sun Solaris in.iked ISAKMP IKE Message Processing Denial of Service

["Kazennov, Vladimir" <Vladimir.Kazennov@xxxxxxxxxx>]

> 
> 
> TITLE:
> Sun Solaris in.iked ISAKMP IKE Message Processing Denial of Service
> 
> SECUNIA ADVISORY ID:
> SA17554
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/17554/
> 
> CRITICAL:
> Moderately critical
> 
> IMPACT:
> DoS
> 
> WHERE:
> From remote
> 
> OPERATING SYSTEM:
> Sun Solaris 10
> http://secunia.com/product/4813/
> Sun Solaris 9
> http://secunia.com/product/95/
> 
> DESCRIPTION:
> Sun has acknowledged a vulnerability in Solaris, which can be
> exploited by malicious people to cause a DoS (Denial of Service).
> 
> The vulnerability is caused due to an error in the "libike" library
> when processing IKE messages. This can be exploited to crash the
> "in.iked" process, which causes the IPSec key management services
> fail.
> 
> The vulnerability is related to:
> SA17553
> 
> The vulnerability has been reported in Solaris 9 and 10 on both SPARC
> and x86 platforms.
> 
> SOLUTION:
> Preliminary T-patches are available.
> http://sunsolve.sun.com/tpatches
> 
> -- SPARC Platform --
> 
> Solaris 9:
> Apply T-patch T113451-10.
> 
> Solaris 10:
> Apply T-patch T118371-06.
> 
> -- x86 Platform --
> 
> Solaris 9:
> Apply T-patch T114435-09.
> 
> Solaris 10:
> Apply T-patch T118372-06.
> 
> ORIGINAL ADVISORY:
> http://sunsolve.sun.com/search/document.do?assetkey=1-26-102040-1
> 
> OTHER REFERENCES:
> SA17553:
> http://secunia.com/advisories/17553/
> 
> ----------------------------------------------------------------------
>