Update Protection against Sun Solaris IPv6 Denial of Service Vulnerability

Vulnerability
Protection

Check Point Reference:	CPAI-2009-037
Date Published:
Severity:
Source:	Secunia Advisory: SA33605
Industry Reference(s):	CVE-2009-0304
Protection Provided by:	IPS-1 IPS-1 IPS-1 NGX R65
Who is Vulnerable? Sun Solaris 10
Vulnerability Description A vulnerability was reported in Sun Solaris. The vulnerability is caused due to an error in the processing of IPv6 packets and can be exploited to cause a denial of service condition.

Update/Patch Available Apply Interim Security Relief (ISR). http://www.sunsolve.sun.com/tpatches
Vulnerability Details A remote attacker can send a specially crafted IPv6 packet to cause the target system to crash.

Protection Overview
By enabling this protection, IPS-1 will detect and block IPv6 packets with header length of 0, with 0 length payload.

To configure the defense, select your product from the list below and follow the related protection steps.

IPS-1 & IPS-1 NGX R65

How Can I Protect My Network?
1. In the IPS-1 Policy Manager, click on the Protection tab.
2. In the Protection tree, click Network Security > IP, and select the IP Options protection group.
3. Click Solaris 11 IPv6 remote kernel crash (IPS-1 NGX R65 only).
4. In the configuration pane, under Settings, check Active.
5. Click on Install Policy.

How Do I Know if My Network is Under Attack?
Upon attack, the following entries will be logged:

Alert Name: IP Options backend
Description: Solaris 11 IPv6 remote kernel crash

Legal Notice for Threat Center Advisories