10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.78 High
EPSS
Percentile
98.2%
Added: 03/12/2007
CVE: CVE-2001-0236
BID: 2417
OSVDB: 546
The SNMP to DMI mapper daemon (snmpXdmid) translates Simple Network Management Protocol (SNMP) events to Desktop Management Interface (DMI) indications and vice-versa.
snmpXdmid is affected by a buffer overflow vulnerability when a specially crafted indication event is translated into an SNMP trap. This could allow a remote attacker to execute arbitrary commands.
Apply one of the patches referenced in Sun Bulletin 00207 or disable snmpXdmid as shown in CERT Advisory 2001-05.
<http://www.cert.org/advisories/CA-2001-05.html>
There may be a delay before this exploit succeeds.
SunOS 5.7 / Solaris 7
SunOS 5.8 / Solaris 8