Patch-ID# 103581-15 Keywords: security telnet ftp single tcp NDD tcp_bind web RTO FIN ack TLI Synopsis: SunOS 5.5.1_x86: /kernel/drv/tcp and /usr/bin/netstat patch Date: Aug/14/97 Solaris Release: 2.5.1_x86 SunOS Release: 5.5.1_x86 Unbundled Product: Unbundled Release: Xref: This patch available for SPARC as patch 103582 Xref: This patch available for PPC as patch 103583 Topic: SunOS 5.5.1_x86: /kernel/drv/tcp and /usr/bin/netstat patch NOTE: We recommend installing the following patches to get the complete support for large IP addresses: 103595-10 (or higher revs) usr/lib/sendmail fixes 104332-03 (or higher revs) usr/sbin/rpcbind patch 104957-01 (or higher revs) usr/sbin/in.rarpd patch 104959-01 (or higher revs) usr/sbin/in.rdisc patch 104961-01 (or higher revs) usr/sbin/snoop patch BugId's fixed with this patch: 1182957 1206850 1233827 1248840 1249829 1250411 1259524 1261245 4005586 4011648 4015495 4017242 4022642 4034353 4034355 4043513 4052115 4069902 Changes incorporated in this version: 4069902 Relevant Architectures: i386 Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: iss_x86-01 (or higher revs) Patches required with this patch: 103631-08 (or higher revs) Obsoleted by: Files included with this patch: /kernel/drv/tcp /usr/bin/netstat Problem Description: 4069902 TCP in 2.5.1 should have similar slow start mechanism as in 2.6 (from 103581-14) This revision is generated to establish a dependency on the ip patch (103631-08 or higher). (from 103581-13) 4005586 netstat locks up TCP for too long due to inefficient code (from 103581-12) 4052115 putback of 1182957 broke an earlier fix 4043513 TCP Simultaneous Open feature does not work (from 103581-11) 1182957 SYNs can be sinful The bug that this patch addresses causes the system to become unusable to certain ports that come under SYN attack. During the SYN attack the attacker fills up the listen queue of the application, due to which additional incoming connections on the same port are dropped. By carefully timing these bogus SYNs an attacker can block out all legitimate incoming connections. (from 103581-10) 4034355 Solaris ignores KEEPALIVE probes without data 4034353 TCP/IP sometimes forgets PSH after sending URG. (from 103581-09) 1250411 2.5 rcp recieves "random" connection reset by peer (from 103581-08) 4017242 PDB-System crash with BAD TRAP (from 103581-07) 4015495 connect deadlock when ephemeral port is same as dest port (from 103581-06) 4022642 TLI application causes Data Fault system panics (from 103581-05) 4011648 Fix for bug 1248840 introduces performance degradtion in rsh (from 103581-04) 1259524 deadbeef panic in tcp_xmit_mp() (from 103581-03) 1261245 window probes can cause ack wars (from 103581-02) 1248840 TCP socket can't handle FIN pkt from client surely (deadlock) Fixed code to avoid system panic due to deallocated tcp structure. (from 103581-01) 1249829 connection times out if remote only sends zero-windows A connection that sends a zero window for more than tcp_ip_abort_interval interval will have the connection terminated. 1248840 TCP socket can't handle FIN pkt from client surely (deadlock) 1233827 tcp retransmits too much for short connections as seen at web sites 1206850 Solaris 2.4, telnet/ftp error in single user mode. Patch Installation Instructions: -------------------------------- Refer to the Install.info file within the patch for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. Any other special or non-generic installation instructions should be described below. Special Install Instructions: ----------------------------- If the reason to install this patch is to fix bugid 1233827 (tcp retransmits too much for short connections as seen at web sites), the 2.5.1 ip patch (103631-01 or higher) is also required. NOTE: We recommend installing the following patches to get the complete support for large IP addresses: 103595-10 (or higher revs) usr/lib/sendmail fixes 104332-03 (or higher revs) usr/sbin/rpcbind patch 104957-01 (or higher revs) usr/sbin/in.rarpd patch 104959-01 (or higher revs) usr/sbin/in.rdisc patch 104961-01 (or higher revs) usr/sbin/snoop patch