Patch-ID# 102010-06
Keywords: security denial getsockopt RESET trap leak bus TCP SYN
Synopsis: SunOS 4.1.3_U1: TCP Interface Patch
Date: Jan/13/98

Solaris Release: 1.1.1A

SunOS Release: 4.1.3_U1A

Unbundled Product:

Unbundled Release:

Relevant Architectures: sparc
NOTE: sun4(all)

BugId's fixed with this patch: 4041410 1182957 1097784 1077939 1062394 1185571 1199120 1053503 1151988 1071377 1170239 4094997

Changes incorporated in this version: 4094997

Patches accumulated and obsoleted by this patch: 101790-01

Patches required with this patch:

Patches which conflict with this patch:

Obsoleted by:

Files included with this patch:

    ip_output.o
    tcp_usrreq.o
    tcp_timer.o
    tcp_input.o
    tcp_output.o

Problem Description:

-01 & -02 rev:

    1199120 TCP connections do not reset correctly after crash-restart
    1053503 Under certain conditions the tcp code gets in a loop and
            continuously sends acks, when using the loopback interface
            this freezes the system.
    1151988 System panic in tcp_respond()
    1071377 sigio was not being generated properly when tcp sockets
            were used
    1170239 Exponential backoff timer not reset

-03 Rev:

    1097784 TCP "reset"s can cause an mbuf leak, resulting in mbuf map
            full
    1077939 If an application does a getsockopt() on a SOCK_STREAM
            (TCP) socket after the other side of the connection has
            sent a TCP RESET for the stream, the kernel gets a Bus
            Trap in the tcp_ctloutput() or ip_ctloutput() routine.
    1062394 A TCP RESET will be sent if the application does a write()
            to the socket after the other side of the connection has
            closed the socket (causing the remote end to be in
            FIN_WAIT_2 state, and the local end to be in CLOSE_WAIT
            state).
    1185571 System table file entry leaking for socket

-04 Rev:

    1182957 SYN attack may cause TCP denial of service

-05 Rev:

    4041410 rcp connection can be incorrectly reset by 2.X peer

-06 Rev:

    4094997 SunOS 4.x is vulnerable to land.c attack

Patch Installation Instructions:

1) As root, save a copy of files to be patched:

    mv /sys/`arch -k`/OBJ/tcp_usrreq.o /sys/`arch -k`/OBJ/tcp_usrreq.o.FCS
    mv /sys/`arch -k`/OBJ/ip_output.o /sys/`arch -k`/OBJ/ip_output.o.FCS
    mv /sys/`arch -k`/OBJ/tcp_timer.o /sys/`arch -k`/OBJ/tcp_timer.o.FCS
    mv /sys/`arch -k`/OBJ/tcp_input.o /sys/`arch -k`/OBJ/tcp_input.o.FCS
    mv /sys/`arch -k`/OBJ/tcp_output.o /sys/`arch -k`/OBJ/tcp_output.o.FCS

2) Install the patched files and set permissions:

    cp `arch -k`/tcp_usrreq.o /sys/`arch -k`/OBJ
    cp `arch -k`/ip_output.o /sys/`arch -k`/OBJ
    cp `arch -k`/tcp_timer.o /sys/`arch -k`/OBJ
    cp `arch -k`/tcp_input.o /sys/`arch -k`/OBJ
    cp `arch -k`/tcp_output.o /sys/`arch -k`/OBJ
    chmod 444 /sys/`arch -k`/OBJ/tcp_*.o
    chmod 444 /sys/`arch -k`/OBJ/ip_output.o

3) Rebuild the new kernel. Please refer to the System and Network
   Administration manual for details on building and installing a
   new kernel.