Sun Solaris SNMP proxy agent /opt/SUNWssp/bin/snmpd contains buffer overflow

2001-05-06T00:00:00
ID VU:154976
Type cert
Reporter CERT
Modified 2002-04-01T00:00:00

Description

Overview

The SNMP proxy agent on certain large Solaris systems contains a buffer overflow. It may be possible, though it is unconfirmed, that an intruder could use this flaw to execute code with root privileges.

Description

The Sun Enterprise 10000 is monitored and controlled by a systems called a System Service Processor (SSP). If two SSPs are in use they are configured as a main and a spare. The snmpd agent on the main SSP, part of the SSPSUNWsspop package, contains a buffer overflow in a variable used to hold argv[0]. The location of the buffer suggests it would be difficult to use this flaw to execute code.


Impact

The complete impact of this vulnerability is not yet known. In the worst case, it could allow an intruder to execute code with root privileges, but that impact is unconfirmed. Because the overflow occurs in a buffer used to hold argv[0], an intruder cannot use this flaw to crash an existing snmpd.


Solution

The CERT/CC is currently unaware of a practical solution to this problem.


Systems Affected

Vendor| Status| Date Notified| Date Updated
---|---|---|---
Sun| | -| 05 May 2001
If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group | Score | Vector
---|---|---
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | N/A | N/A

References

  • <http://www.securityfocus.com/bid/2485>
  • <http://xforce.iss.net/static/6239.php>

Credit

Our thanks to Pablo Sor who originally identified this problem on Bugtraq.

This document was written by Shawn V. Hernan.

Other Information

  • CVE IDs: Unknown
  • Date Public: 13 Mar 2001
  • Date First Published: 06 May 2001
  • Date Last Updated: 01 Apr 2002
  • Severity Metric: 0.28
  • Document Revision: 7