Bugtraq mailing list archives

Re: Solaris 5.8 snmpd Vulnerability

From: Darren Moffat <Darren.Moffat () eng sun com>
Date: Wed, 14 Mar 2001 14:45:01 -0800

The /opt/SUNWssp/snmpd command (SNMP proxy agent)  is suid root
and contains a buffer overflow, the problem occurs when it copy his own
name (argv[0]) to an internal variable without checking out
its lenght and this causes the overflow.

Vulnerable Version

Sun Solaris 5.8


First there is no such product as Solaris 5.8 it is either SunOS 5.8 or
Solaris 8, please try not to mix them even though people know what you
mean it sometimes gets coded into scripts which can break because of it.

Just for clarification this binary is NOT part of Solaris 8 it is
part of the SUNWsspop package which will only be installed on the SSP
(System Service Processor) machine of a Enterprise 10,000 (aka Starfire)
machine.

The correct path is /opt/SUNWssp/bin/snmpd

--
Darren J Moffat

Current thread:

Solaris 5.8 snmpd Vulnerability Pablo Sor (Mar 13)
- Re: Solaris 5.8 snmpd Vulnerability Rob Bartlett - HES CTE (Mar 15)
- <Possible follow-ups>
- Re: Solaris 5.8 snmpd Vulnerability Darren Moffat (Mar 14)