Sun Solaris SNMP proxy agent /opt/SUNWssp/bin/snmpd contains buffer overflow

ID VU:154976
Type cert
Reporter CERT
Modified 2002-04-01T00:00:00



The SNMP proxy agent on certain large Solaris systems contains a buffer overflow. It may be possible, though it is unconfirmed, that an intruder could use this flaw to execute code with root privileges.


The Sun Enterprise 10000 is monitored and controlled by a systems called a System Service Processor (SSP). If two SSPs are in use they are configured as a main and a spare. The snmpd agent on the main SSP, part of the SSPSUNWsspop package, contains a buffer overflow in a variable used to hold argv[0]. The location of the buffer suggests it would be difficult to use this flaw to execute code.


The complete impact of this vulnerability is not yet known. In the worst case, it could allow an intruder to execute code with root privileges, but that impact is unconfirmed. Because the overflow occurs in a buffer used to hold argv[0], an intruder cannot use this flaw to crash an existing snmpd.


The CERT/CC is currently unaware of a practical solution to this problem.

Systems Affected

Vendor| Status| Date Notified| Date Updated
Sun| | -| 05 May 2001
If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group | Score | Vector
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | N/A | N/A


  • <>
  • <>


Our thanks to Pablo Sor who originally identified this problem on Bugtraq.

This document was written by Shawn V. Hernan.

Other Information

  • CVE IDs: Unknown
  • Date Public: 13 Mar 2001
  • Date First Published: 06 May 2001
  • Date Last Updated: 01 Apr 2002
  • Severity Metric: 0.28
  • Document Revision: 7