Patch-ID# 100567-04
Keywords: icmp redirects, security, ip_icmp, icmp_error, m_free, panic, mbuf, mfreem
Synopsis: SunOS 4.1,4.1.x: mfree panic due to mbuf being freed twice, icmp redirects can be used to make a host drop connections
Date: 27/Oct/92

SunOS Release: 4.1,4.1.1,4.1.2,4.1.3

Topic: mfree and icmp redirect security patch for ip_icmp.o

BugID's fixed with this patch: 1087460 1093937

Changes incorporated in this version: 1093937

Architectures for which this patch is available: sun3(all), sun4(all)

Patches which may conflict with this patch:

Obsolete By:

Problem Description:

BUGID 1087460:  We free the same mbuf a second time.  This causes the mfree 
panic. Fixed in -01 version.

BUGID 1093937: The current fix will make your networked systems more 
resistant to attacks based on the spoofing of icmp messages, but may not 
prevent all forms of such attacks. This specific patch will not be
integrated in a future OS release, but other considerations to minimize
this bug will be reviewed for a future OS release.
  
Revision History:

Revision -01: Fixes bug 1087460
Revision -03: -01 with 4.1.3 compatibility
Revision -04: Adds fix for bug 1093937

INSTALL:

As root:

mv /sys/`arch -k`/OBJ/ip_icmp.o /sys/`arch -k`/OBJ/ip_icmp.o.fcs
cp `arch`/ip_icmp.o /sys/`arch -k`/OBJ

A new kernel will need to be made and installed.
Please refer to the system and networking administration manual
for details on building and installing a new kernel.


