[25653] in bugtraq
Entercept Ricochet Security Advisory: Solaris snmpdx Vulnerabilities
daemon@ATHENA.MIT.EDU (Entercept Ricochet Team)
Tue Jun 4 15:29:07 2002
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Date: Tue, 4 Jun 2002 09:28:49 -0700
Message-ID: <568D2BE231D28D4990F8CC5189D2C0C7D5DD03@mail.entercept.com>
From: "Entercept Ricochet Team" <Ricochet@entercept.com>
To: <bugtraq@securityfocus.com>
Content-Transfer-Encoding: 8bit
Entercept Ricochet Advisory
Solaris snmpdx Vulnerabilities
http://www.entercept.com/news/uspr/06-03-02.asp
DETAILS
An unchecked buffer in Sun's Solaris SNMP component can be overrun and remotely exploited, allowing an attacker to execute arbitrary code with root privileges. There is also a format string vulnerability in Solaris that can be exploited, allowing a hacker to execute arbitrary code with root privileges.
The buffer overflow occurs in the MIB parsing component and the format string vulnerability in the logging component of snmpdx, which is installed by default with the Solaris Operating System. Exploiting these vulnerabilities would give an attacker complete control of the attacked server.
VERSIONS AFFECTED
Solaris 2.6, 7, and 8
FIX INFORMATION
Entercept worked closely with the Sun Security team, while they developed a patch. Information on the patch is available at Sun's Security Bulletin #00219 at http://sunsolve.sun.com/pub-cgi/secBulletin.pl.
ABOUT RICOCHET
Entercept's Ricochet team is a specialized group of security researchers dedicated to identifying, assessing, and evaluating intelligence regarding server threats. The Ricochet team researches current and future avenues of attack and builds this knowledge into Entercept's intrusion prevention solution. Ricochet is dedicated to providing critical, viable security content via security advisories and technical briefs. This content is designed to educate organizations and security professionals about the nature and severity of Internet security threats, vulnerabilities and exploits.
