Bugtraq mailing list archives
Re: Solaris 5.8 snmpd Vulnerability
From: Darren Moffat <Darren.Moffat () eng sun com>
Date: Wed, 14 Mar 2001 14:45:01 -0800
The /opt/SUNWssp/snmpd command (SNMP proxy agent) is suid root and contains a buffer overflow, the problem occurs when it copy his own name (argv[0]) to an internal variable without checking out its lenght and this causes the overflow. Vulnerable Version Sun Solaris 5.8
First there is no such product as Solaris 5.8 it is either SunOS 5.8 or Solaris 8, please try not to mix them even though people know what you mean it sometimes gets coded into scripts which can break because of it. Just for clarification this binary is NOT part of Solaris 8 it is part of the SUNWsspop package which will only be installed on the SSP (System Service Processor) machine of a Enterprise 10,000 (aka Starfire) machine. The correct path is /opt/SUNWssp/bin/snmpd -- Darren J Moffat
Current thread:
- Solaris 5.8 snmpd Vulnerability Pablo Sor (Mar 13)
- Re: Solaris 5.8 snmpd Vulnerability Rob Bartlett - HES CTE (Mar 15)
- <Possible follow-ups>
- Re: Solaris 5.8 snmpd Vulnerability Darren Moffat (Mar 14)