Sun Solaris 10 before 20061006 uses "incorrect and insufficient permission checks" that allow local users to intercept or spoof packets by creating a raw socket on a link aggregation (network device aggregation).