Overview
The Sun Solaris Kernel SSL Proxy service contains a flaw that may allow a remote attacker to cause a denial of service condition.
Description
The Sun Solaris 10 operating system provides a module called the SSL Kernel Proxy to improve the performance of applications that do SSL packet processing. This module contains an unspecified vulnerability that may allow an unprivileged remote attacker, acting as an SSL client, to cause the system to crash. Sun states that the following versions are vulnerable:
Impact
An unprivileged remote attacker may be able to cause an affected system's kernel to panic, resulting in a denial-of-service condition.
Solution
Apply an Update
Workaround
To disable the Kernel SSL Proxy service, the svcadm(1M) command can be used for each instance of the service:

# svcadm disable svc:/network/ssl/proxy:<instance_suffix>

To disable and delete the Kernel SSL Proxy service, the ksslcfg(1M) command can be used for each instance of the service:

# ksslcfg delete [host] <ssl_port>
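Because the workaround has to be applied to each instance, it helps to enumerate the instances that are still enabled first. The following is an added example, not part of the original note or of Sun's alert: it assumes a POSIX shell (on Solaris 10, /usr/xpg4/bin/sh or ksh rather than /bin/sh) and input in the two-column form produced by `svcs -H -o state,fmri`; the function names and the sample instance names are constructed for illustration.

```shell
#!/bin/sh
# Added example: find Kernel SSL Proxy instances that are not yet disabled
# and emit the svcadm workaround command for each one.

KSSL_PREFIX='svc:/network/ssl/proxy:'

# Reads "state fmri" lines on stdin (assumed format of `svcs -H -o state,fmri`)
# and prints the FMRI of every proxy instance whose state is not "disabled".
kssl_active_instances() {
    while read -r state fmri _rest; do
        case "$fmri" in
            "$KSSL_PREFIX"?*) ;;      # a proxy instance with a non-empty suffix
            *) continue ;;            # any other service: ignore
        esac
        if [ "$state" != "disabled" ]; then
            printf '%s\n' "$fmri"
        fi
    done
}

# Reads FMRIs on stdin. Prints the workaround commands (dry run) unless
# APPLY=1 is set, in which case svcadm is actually invoked.
kssl_disable_cmds() {
    while read -r fmri; do
        [ -n "$fmri" ] || continue
        if [ "${APPLY:-0}" = "1" ]; then
            svcadm disable "$fmri"
        else
            printf 'svcadm disable %s\n' "$fmri"
        fi
    done
}

# Constructed sample input, not captured from a real system.
SAMPLE_SVCS='online svc:/network/ssl/proxy:kssl-INADDR_ANY-443
disabled svc:/network/ssl/proxy:kssl-INADDR_ANY-8443
maintenance svc:/network/ssl/proxy:kssl-192.0.2.10-443
online svc:/network/ssh:default'

# Dry run over the sample. On an affected host, replace the printf with:
#   svcs -H -o state,fmri
printf '%s\n' "$SAMPLE_SVCS" | kssl_active_instances | kssl_disable_cmds
```

An instance in the maintenance state is listed as well, since it is still enabled and would start again once the fault is cleared.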
Acknowledgements
This vulnerability was reported by Sun Microsystems in Sun Alert 102563.
This document was written by Katie Steiner.
Other Information
CVE IDs: CVE-2006-5075
Severity Metric: 1.40
Date Public: 2006-09-27
Date First Published: 2007-01-29
Date Last Updated: 2007-02-07 15:15 UTC
Document Revision: 19