| VID | 17040 |
| Severity | 40 |
| Port | 32785/32786 |
| Protocol | TCP,UDP |
| Class | RPC |
| Detailed Description | Sun Solaris versions 2.6, 7, and 8 are vulnerable to a buffer overflow in the snmpXdmid daemon. The 'snmpXdmid' service is a mapping tool for SNMP and DMI (Desktop Management Interface) requests. A buffer overflow occurs when snmpXdmid attempts to translate a malicious DMI request into an SNMP trap. snmpXdmid runs with root privileges, so any attacker who successfully exploits this vulnerability gains superuser access immediately. |
| Recommendation | For Sun Solaris: Apply the appropriate patch for your system, as listed in Sun Microsystems, Inc. Security Bulletin #00207 at http://www.securityfocus.com/advisories/3536
-- OR --
If both SNMP and DMI are not required, disable the 'snmpXdmid' daemon by turning off DMI.
To turn off DMI completely:
1. Rename /etc/rc?.d/S??dmi to /etc/rc?.d/K07dmi and call '/etc/init.d/init.dmi stop' (where ? is the appropriate runlevel).
2. If you wish to make the daemon non-executable, remove all permissions from the 'snmpXdmid' binary:
   # chmod 000 /usr/lib/dmi/snmpXdmid
3. The snmpXdmid RPC service id is 100249; use 'rpcinfo -p' to list local site port bindings:
   # rpcinfo -p | grep 100249
   100249 1 udp 32785
   100249 1 tcp 32786
To disable the current snmpXdmid RPC service, run the following command:
   # rpcinfo -d 100249 ?
(where ? is the version of the snmpXdmid RPC service; it is '1' in this case) |
| Related URL | CVE-2001-0236 (CVE) |
| Related URL | 2417 (SecurityFocus) |
| Related URL | 6245 (ISS) |
|
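To confirm that the DMI shutdown steps in the Recommendation actually took effect, the following audit script checks all three conditions. It is an added example, not part of the original advisory or any Sun tooling. The function names, the root-prefix argument (which lets it run against a test tree), and the start-script name `S77dmi` in the demo are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit the advisory's DMI shutdown steps under a given root.
PROG=100249                      # snmpXdmid RPC program number, from the advisory

# Read `rpcinfo -p` output on stdin; print "proto port" per snmpXdmid binding.
rpc_bindings() {
    awk -v prog="$PROG" '$1 == prog { print $3, $4 }'
}

# Print any DMI start scripts (S??dmi) still present in ROOT/etc/rc?.d.
dmi_start_scripts() {
    for f in "$1"/etc/rc?.d/S??dmi; do
        if [ -e "$f" ]; then echo "$f"; fi
    done
}

# Succeed if ROOT/usr/lib/dmi/snmpXdmid is absent or has no execute bit set.
binary_disabled() {
    bin=$1/usr/lib/dmi/snmpXdmid
    if [ ! -e "$bin" ]; then return 0; fi
    [ -z "$(find "$bin" -perm -100 -o -perm -010 -o -perm -001)" ]
}

# audit ROOT RPCINFO_OUTPUT: report each unfinished step; succeed only if none.
audit() {
    findings=0
    bound=$(printf '%s\n' "$2" | rpc_bindings)
    if [ -n "$bound" ]; then
        echo "FINDING: RPC program $PROG still registered:" $bound
        findings=$((findings + 1))
    fi
    started=$(dmi_start_scripts "$1")
    if [ -n "$started" ]; then
        echo "FINDING: DMI start script still present:" $started
        findings=$((findings + 1))
    fi
    if ! binary_disabled "$1"; then
        echo "FINDING: snmpXdmid binary is still executable"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed demo input: a throwaway tree in the pre-mitigation state.
demo=$(mktemp -d)
mkdir -p "$demo/etc/rc3.d" "$demo/usr/lib/dmi"
: > "$demo/etc/rc3.d/S77dmi"
: > "$demo/usr/lib/dmi/snmpXdmid" && chmod 755 "$demo/usr/lib/dmi/snmpXdmid"
demo_rpc='    100249    1   udp  32785
    100249    1   tcp  32786'
audit "$demo" "$demo_rpc" || echo "mitigation incomplete"
rm -rf "$demo"
```

On a live host, call it as `audit "" "$(rpcinfo -p)"` so the checks apply to the real `/etc` and `/usr/lib/dmi`.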