OmniOS TCP Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in OmniOS version r151046 of the SunOS operating system. The issue arises from the kernel's handling of TCP RST packets, where it accepts a wide range of sequence numbers. This lenient validation allows attackers to send multiple crafted TCP RST packets that disrupt normal network connections, effectively causing a denial-of-service condition.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, where normal network connections are interrupted, causing disruption of services or applications relying on those connections.

Reproduction

The vulnerability can be reproduced by sending TCP RST packets with random sequence numbers that fall within the acceptable range of the TCP receive window. This can be automated using a Python script that sends the RST packets after establishing a normal TCP connection. The interruption of the connection after the RST packet is sent indicates the presence of the vulnerability.