[19652] in bugtraq
Re: Solaris 5.8 snmpd Vulnerability
daemon@ATHENA.MIT.EDU (Darren Moffat)
Wed Mar 14 21:02:28 2001
MIME-Version: 1.0
Content-Type: TEXT/plain; charset=us-ascii
Content-MD5: ewTgfBhCAKvClm24oQtJ6A==
Message-ID: <200103142245.f2EMj0Xs247365@jurassic.eng.sun.com>
Date: Wed, 14 Mar 2001 14:45:01 -0800
Reply-To: Darren Moffat <Darren.Moffat@eng.sun.com>
From: Darren Moffat <Darren.Moffat@eng.sun.com>
X-To: psor@AFIP.GOV.AR
To: BUGTRAQ@SECURITYFOCUS.COM
>The /opt/SUNWssp/snmpd command (SNMP proxy agent) is suid root
>and contains a buffer overflow, the problem occurs when it copy his own
>name (argv[0]) to an internal variable without checking out
>its lenght and this causes the overflow.
>
>Vulnerable Version
>
>Sun Solaris 5.8
First there is no such product as Solaris 5.8 it is either SunOS 5.8 or
Solaris 8, please try not to mix them even though people know what you
mean it sometimes gets coded into scripts which can break because of it.
Just for clarification this binary is NOT part of Solaris 8 it is
part of the SUNWsspop package which will only be installed on the SSP
(System Service Processor) machine of a Enterprise 10,000 (aka Starfire)
machine.
The correct path is /opt/SUNWssp/bin/snmpd
--
Darren J Moffat
