IRIX snmpd SNMP Request Overflow

2002-04-03T00:00:00
ID OSVDB:5420
Type osvdb
Reporter ISS X-Force Research (xforce@iss.net)
Modified 2002-04-03T00:00:00

Description

Vulnerability Description

A remote overflow exists in IRIX. The SNMP (Simple Network Management Protocol) daemon fails to check bounds on incoming SNMP requests, resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code or commands on the target system, resulting in a loss of integrity.

Technical Description

This vulnerability also affects feature releases (an 'f' after the version number) and maintenance releases (an 'm' after the version number).

Solution Description

Upgrade to version 6.5.16 or higher, as it has been reported to fix this vulnerability. In addition, IRIX has released a patch for some older versions.

References:

Vendor URL: http://www.sgi.com
Vendor Specific Solution URL: ftp://patches.sgi.com/support/free/security/patches
Vendor Specific Advisory URL
ISS X-Force ID: 7846
CVE-2002-0017
Bugtraq ID: 4421