Patch-ID# 102517-05 Keywords: loopback keepalive tcp_respond sigio SYN security denial Synopsis: SunOS 4.1.4: TCP Interface Patch Date: Jan/13/98 Solaris Release: 1.1.2 SunOS release: 4.1.4 Unbundled Product: Unbundled Release: Relevant Architectures: sun4(all) BugId's fixed with this patch: 1182957 1199120 1053503 1151988 1071377 1170239 1185571 4041410 4094997 Changes incorporated in this version: 4094997 Patches accumulated and obsoleted by this patch: Patches which may conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: tcp_input.o tcp_output.o tcp_timer.o tcp_usrreq.o Problem Descriptions: -05 Rev: 4094997 SunOS 4.x is vulnerable to land.c attack -04 Rev: 4041410 rcp connection may be incorrectly reset by 2.X peer -03 Rev: 1182957 SYN attack may cause TCP denial of service -02 Rev: 1185571 System table file entry leaking for socket -01 Rev: 1199120 TCP connections do not reset correctly after crash-restart 1170239 Exponential backoff timer not reset 1053503 Under certain conditions the tcp code gets in a loop and continuously sends acks, when using the loopback interface this freezes the system. 1151988 System panic in tcp_respond() 1071377 sigio was not being generated properly when tcp sockets were used. Patch Installation Instructions: As root: 1) Save a copy of the files to be patched: cd /sys/`arch -k`/OBJ mv tcp_input.o tcp_input.o.FCS mv tcp_output.o tcp_output.o.FCS mv tcp_timer.o tcp_timer.o.FCS mv tcp_usrreq.o tcp_usrreq.o.FCS 2) Install the patched files and set permissions: cp `arch -k`/tcp_input.o /sys/`arch -k`/OBJ cp `arch -k`/tcp_output.o /sys/`arch -k`/OBJ cp `arch -k`/tcp_timer.o /sys/`arch -k`/OBJ cp `arch -k`/tcp_usrreq.o /sys/`arch -k`/OBJ chmod 444 /sys/`arch -k`/OBJ/tcp_*.o 3) Config, make and install a new kernel. Please refer to the System and Network Administration manual for details on building and installing a custom kernel.