{"vuid":"VU#967236","idnumber":"967236","name":"Sun Solaris fails to properly process ICMP packets","keywords":["Sun","Solaris","DoS","denial of service","ICMP ping requests"],"overview":"Sun Solaris fails to properly handle ICMP packets, which may allow a remote, unauthenticated attacker to cause a denial of service.","clean_desc":"Sun Solaris 10 contains an unspecified error that can cause a system panic when handling a specially crafted ICMP packet. Note that Solaris 8 and 9 are not affected by this issue.","impact":"A remote, unauthenticated attacker may be able to create a denial-of-service condition by causing a system panic on a vulnerable Sun Solaris system.","resolution":"Apply a patch\nThis issue is addressed by patch 118833-28 for Solaris 10 on SPARC systems, and patch 118855-28 for Solaris 10 on x86 systems. More details are available in SunSolve Alert 102697.","workarounds":"Filter ICMP traffic This vulnerability can be mitigated by filtering ICMP traffic at the network perimeter and by filtering ICMP at the host level, such as with ipfilter.","sysaffected":"","thanks":"Thanks to Sun for reporting this vulnerability.","author":"This document was written by Will Dormann.","public":["http://sunsolve.sun.com/search/document.do?assetkey=1-26-102697-1","http://secunia.com/advisories/23982/","http://securitytracker.com/alerts/2007/Jan/1017574.html","http://www.securityfocus.com/bid/22323"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2007-01-31T13:34:27Z","publicdate":"2007-01-31T00:00:00Z","datefirstpublished":"2007-01-31T18:08:38Z","dateupdated":"2007-02-07T19:53:06Z","revision":8,"vrda_d1_directreport":"0","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"14","cam_exploitation":"0","cam_internetinfrastructure":"14","cam_population":"17","cam_impact":"3","cam_easeofexploitation":"5","cam_attackeraccessrequired":"18","cam_scorecurrent":"2.40975","cam_scorecurrentwidelyknown":"2.926125","cam_scorecurrentwidelyknownexploited":"4.647375","ipprotocol":"ICMP","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":2.40975,"vulnote":null}