Solaris ping exploit

Sun Security Coordination Team (secure@SUNSC.ENG.SUN.COM)
Mon, 30 Jun 1997 15:23:54 -0700

Several people have made comments on how one can panic a Solaris system
using ping, and on how to protect one's system from this exploit.
Thanks to those who contributed to the dialogue and subsequent solutions.

Sun is developing patches for Solaris 2.3 to 2.5.1 to fix this.
The latest version of Solaris 2.6 has been fixed, and SunOS 4.1.3_U1 and
4.1.4 are not affected. Sun will announce these patches in an upcoming
Security Bulletin.

As a temporary workaround, Sun strongly recommends that all affected
systems be protected by executing the following command as root:

    /usr/sbin/ndd -set /dev/ip ip_respond_to_echo_broadcast 0

and by adding the same command to /etc/init.d/inetinit so that the
workaround takes effect at each reboot.

Sun has tested the workaround, and has found no negative side effects.

Questions or comments regarding this issue can be sent to
security-alert@sun.com. General support questions should be directed to
your local SunService, SunSoft Support Services or reseller support offices.

Regards,

Sun Security Coordination Team

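
The workaround above, as an added example that is not part of Sun's advisory: a shell script that sets the parameter, adds the command to the init script only once, and reads the value back to confirm it. It assumes a POSIX shell and grep; the NDD and INIT_SCRIPT overrides and the function names are inventions of this example.

```sh
#!/bin/sh
# Added example, not Sun's code: apply, persist and verify the advisory's
# workaround. NDD and INIT_SCRIPT can be overridden (assumption of this
# example) so the logic can be exercised away from a production host.
NDD="${NDD:-/usr/sbin/ndd}"
INIT_SCRIPT="${INIT_SCRIPT:-/etc/init.d/inetinit}"
PARAM=ip_respond_to_echo_broadcast
# The exact line the advisory says to add to the init script.
WORKAROUND="/usr/sbin/ndd -set /dev/ip $PARAM 0"

# Return 0 if the running system no longer answers broadcast echo requests.
# ndd without -set prints the parameter's current value.
is_mitigated() {
    [ "$("$NDD" /dev/ip "$PARAM" 2>/dev/null)" = "0" ]
}

# Append the workaround to the given file unless that exact line is present.
# -F: fixed string, -x: whole-line match, so reruns never add duplicates.
persist_workaround() {
    file="$1"
    if grep -F -x -q -- "$WORKAROUND" "$file" 2>/dev/null; then
        return 0
    fi
    printf '%s\n' "$WORKAROUND" >> "$file"
}

# Set the live value, persist it for the next reboot, then verify.
apply_workaround() {
    "$NDD" -set /dev/ip "$PARAM" 0 || return 1
    persist_workaround "$INIT_SCRIPT" || return 1
    is_mitigated
}

# Run as root with the argument "apply"; without it only the functions load.
if [ "${1:-}" = "apply" ]; then
    apply_workaround && echo "$PARAM is 0 and persisted in $INIT_SCRIPT"
fi
```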