Patch-ID# 102517-05
Keywords: loopback keepalive tcp_respond sigio SYN security denial
Synopsis: SunOS 4.1.4: TCP Interface Patch
Date: Jan/13/98

Solaris Release: 1.1.2

SunOS release: 4.1.4

Unbundled Product:

Unbundled Release:

Relevant Architectures: sparc
    NOTE: sun4(all)  

BugId's fixed with this patch:  1182957 1199120 1053503 1151988 1071377 1170239 1185571 4041410 4094997

Changes incorporated in this version: 4094997 

Patches accumulated and obsoleted by this patch:

Patches which may conflict with this patch:

Patches required with this patch:

Obsoleted by: 

Files included with this patch:  
tcp_input.o
tcp_output.o
tcp_timer.o
tcp_usrreq.o

Problem Description:

-05 Rev:
     4094997
        SunOS 4.x is vulnerable to land.c attack

-04 Rev:
     4041410
        rcp connection may be incorrectly reset by 2.X peer

-03 Rev:
     1182957
        SYN attack may cause TCP denial of service

-02 Rev:
     1185571
        System table file entry leaking for socket

-01 Rev:
     1199120
        TCP connections do not reset correctly after crash-restart

     1170239
        Exponential backoff timer not reset

     1053503
        Under certain conditions the TCP code gets into a loop
        and continuously sends ACKs. When using the loopback
        interface, this freezes the system.

     1151988
        System panic in tcp_respond()

     1071377
        SIGIO was not being generated properly when TCP sockets were used.


Patch Installation Instructions:
 
As root:

1) Save a copy of the files to be patched:

        cd /sys/`arch -k`/OBJ
        mv tcp_input.o  tcp_input.o.FCS
        mv tcp_output.o tcp_output.o.FCS
        mv tcp_timer.o  tcp_timer.o.FCS
        mv tcp_usrreq.o tcp_usrreq.o.FCS

2) Install the patched files and set permissions:

        cp `arch -k`/tcp_input.o  /sys/`arch -k`/OBJ
        cp `arch -k`/tcp_output.o /sys/`arch -k`/OBJ
        cp `arch -k`/tcp_timer.o  /sys/`arch -k`/OBJ
        cp `arch -k`/tcp_usrreq.o /sys/`arch -k`/OBJ

        chmod 444 /sys/`arch -k`/OBJ/tcp_*.o
 
3) Config, make and install a new kernel.
   Please refer to the System and Network Administration manual
   for details on building and installing a custom kernel.
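
A post-install check for steps 1 and 2, run before building the new kernel.
This is an added example, not part of the original patch distribution; the
function name verify_tcp_patch and its two directory arguments are
assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not part of the patch): post-install check for the four
# kernel objects replaced by this patch.
#
# usage: verify_tcp_patch PATCH_DIR OBJ_DIR
#   PATCH_DIR  directory holding the patched objects, e.g. ./`arch -k`
#   OBJ_DIR    kernel object directory, e.g. /sys/`arch -k`/OBJ
# Prints one line per problem; returns 0 only if every check passes.
verify_tcp_patch() {
    patch_dir=$1
    obj_dir=$2
    failures=0
    for f in tcp_input.o tcp_output.o tcp_timer.o tcp_usrreq.o; do
        new="$patch_dir/$f"
        cur="$obj_dir/$f"
        old="$obj_dir/$f.FCS"
        if [ ! -f "$cur" ]; then
            echo "MISSING   $cur"
            failures=`expr $failures + 1`
            continue
        fi
        # Step 1: the .FCS backup must exist so the patch can be backed out.
        if [ ! -f "$old" ]; then
            echo "NOBACKUP  $old"
            failures=`expr $failures + 1`
        elif cmp -s "$old" "$cur"; then
            # Installed object is still the original: the copy never happened.
            echo "UNPATCHED $cur"
            failures=`expr $failures + 1`
        fi
        # Step 2: installed object must be byte-identical to the patch copy.
        cmp -s "$new" "$cur" || {
            echo "MISMATCH  $cur"
            failures=`expr $failures + 1`
        }
        # Step 2: mode must be exactly 444 (read-only for everyone).
        mode_ok=`find "$cur" -prune -perm 444 -print`
        if [ -z "$mode_ok" ]; then
            echo "BADMODE   $cur"
            failures=`expr $failures + 1`
        fi
    done
    [ "$failures" -eq 0 ]
}

# Run the check when invoked with both directories as arguments.
if [ $# -eq 2 ]; then
    verify_tcp_patch "$1" "$2"
fi
```

A non-zero return means at least one object would be linked into the new
kernel unpatched, unprotected, or without a backup to revert to.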
