SAINT CorporationSAINT:F9F04F80489C8EACA3B2DA4D26B71855snmpXdmid buffer overflow
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.78 High
EPSS
Percentile
98.2%
Added: 03/12/2007
CVE: CVE-2001-0236
BID: 2417
OSVDB: 546
Background
The SNMP to DMI mapper daemon (snmpXdmid) translates Simple Network Management Protocol (SNMP) events to Desktop Management Interface (DMI) indications and vice-versa.
Problem
snmpXdmid is affected by a buffer overflow vulnerability when a specially crafted indication event is translated into an SNMP trap. This could allow a remote attacker to execute arbitrary commands.
Resolution
Apply one of the patches referenced in Sun Bulletin 00207 or disable snmpXdmid as shown in CERT Advisory 2001-05.
References
<http://www.cert.org/advisories/CA-2001-05.html>
Limitations
There may be a delay before this exploit succeeds.
Platforms
SunOS 5.7 / Solaris 7
SunOS 5.8 / Solaris 8
Related
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.78 High
EPSS
Percentile
98.2%