Solaris snmpXdmid Buffer Overflow Vulnerability

Bugtraq ID:	2417
Class:	Boundary Condition Error
CVE:
Remote:	Yes
Local:	No
Published:	Mar 15 2001 12:00AM
Updated:	Mar 15 2001 12:00AM
Credit:	Discovered by Job De Haas <[email protected]>. Published on March 15, 2001.
Vulnerable:	Sun Solaris 8_x86 Sun Solaris 8_sparc Sun Solaris 7.0_x86 Sun Solaris 7.0 Sun Solaris 2.6_x86 Sun Solaris 2.6
Not Vulnerable:

Solaris snmpXdmid Buffer Overflow Vulnerability

Versions 2.6, 7, and 8 of Sun Microsystem's Solaris operating environment ship with service called 'snmpXdmid'. This daemon is used to map SNMP management requests to DMI requests and vice versa.

SnmpXdmid contains a remotely exploitable buffer overflow vulnerability. The overflow occurs when snmpXdmid attempts to translate a 'malicious' DMI request into an SNMP trap.

SnmpXdmid runs with root privileges and any attacker to successfully exploit this vulnerability will gain superuser access immediately.

Solaris snmpXdmid Buffer Overflow Vulnerability

Solution:
Sun has made the following fixes available:


Sun Solaris 7.0_x86

• Sun 107710-15
  

Sun Solaris 2.6

• Sun 106787-15
  

Sun Solaris 7.0

• Sun 107709-15
  

Sun Solaris 8_x86

• Sun 108870-07
  

Sun Solaris 2.6_x86

• Sun 106872-15
  

Sun Solaris 8_sparc

• Sun 108869-07