PT-2008-6741 · Oracle · Opensolaris+1
Tobias Klein · Published: 2008-12-19 · Updated: 2018-10-11
CVE-2008-5689
CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Solaris 10 and OpenSolaris snv 01 through snv 76
Description
The issue allows local users to cause a denial of service (panic) and possibly execute arbitrary code via a crafted SIOCGTUNPARAM IOCTL request, which triggers a NULL pointer dereference in the tun in IP Tunnel component.
Recommendations
For Solaris 10 and OpenSolaris snv 01 through snv 76, consider restricting access to the tun in IP Tunnel component to minimize the risk of exploitation. As a temporary workaround, avoid using the SIOCGTUNPARAM IOCTL request until a patch is available.
Affected Products
Opensolaris
Solaris