ndd in Solaris 2.6 allows local users to cause a denial of service by modifying certain TCP/IP parameters.
https://exchange.xforce.ibmcloud.com/vulnerabilities/817
http://www.securityfocus.com/bid/433
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/165&type=0&nav=sec.sba