Solaris Solstice X.25 snmpx25d Daemon Remote Overflow

2003-10-22T00:00:00
ID OSVDB:3175
Type osvdb
Reporter OSVDB
Modified 2003-10-22T00:00:00

Description

Vulnerability Description

A remote overflow exists in X.25. The snmpx25d daemon contains a boundary error that can result in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code with root privileges, resulting in a loss of confidentiality, integrity, and/or availability.

Technical Description

SPARC Platform Patches:
X.25 9.1 (for Solaris 2.4, 2.5, 2.5.1, 2.6, and 7): 105084-17
X.25 9.2 (for Solaris 7, 8, and 9): 108669-06

x86 Platform Patches:
X.25 9.1 (for Solaris 2.4, 2.5, 2.5.1, 2.6, and 7): 105188-17
X.25 9.2 (for Solaris 7, 8, and 9): 108670-06

Solution Description

Sun Microsystems has released a patch that corrects this vulnerability. If patching is not possible, the vulnerability can be mitigated to some degree by enabling non-executable stacks. This does not resolve the issue, but it does increase the likelihood that an attack will fail. This option is only available for sun4u, sun4m, and sun4d architectures.
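
To verify the fix on a host, the installed patch revisions can be compared with the fixed revisions listed under Technical Description. The script below is an added example, not part of the original entry or of any Sun tooling. It assumes a patch listing in the "Patch: <id>-<rev> ..." line format printed by showrev -p; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Fixed revisions taken from this entry, as patch-id:minimum-revision.
FIXED="105084:17 108669:06 105188:17 108670:06"

# patch_status ID MINREV   (patch listing on stdin)
# Prints "patched", "outdated" or "absent" for the given patch id.
patch_status() {
    awk -v id="$1" -v min="$2" '
        $1 == "Patch:" {
            split($2, p, "-")            # "105084-15" -> id, revision
            if (p[1] == id) {
                seen = 1
                # Keep the highest installed revision of this patch.
                if (p[2] + 0 > best + 0) best = p[2]
            }
        }
        END {
            if (!seen)                    print "absent"
            else if (best + 0 >= min + 0) print "patched"
            else                          print "outdated"
        }'
}

# check_all LISTING: one result line per patch id named in the entry.
check_all() {
    for pair in $FIXED; do
        id=${pair%%:*}; min=${pair##*:}
        status=$(printf '%s\n' "$1" | patch_status "$id" "$min")
        printf '%s-%s %s\n' "$id" "$min" "$status"
    done
}

# Constructed sample listing (not from a real host; package name is a placeholder).
SAMPLE='Patch: 105084-15 Obsoletes:  Requires:  Incompatibles:  Packages: EXAMPLEpkg
Patch: 108669-06 Obsoletes:  Requires:  Incompatibles:  Packages: EXAMPLEpkg'

check_all "$SAMPLE"
```

On a Solaris host the listing would come from check_all "$(showrev -p)". An "absent" result only means that patch id is not installed, which is expected for the other platform's ids or where that X.25 release is not present.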

References:

Vendor Specific Solution URL: http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=105084&rev=17
Vendor Specific Solution URL: http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=108669&rev=06
Vendor Specific Solution URL: http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=105188&rev=17
Vendor Specific Solution URL: http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=108670&rev=06
Vendor Specific Advisory URL
Secunia Advisory ID: 10063
Related OSVDB ID: 2750