VID 20021
Severity 40
Port 161
Protocol UDP
Class SNMP
Detailed Description
The Solaris SNMP daemon has a hidden community string that allows root access remotely. The hidden community string is hard-coded into the Solaris 2.6 SNMP implementation. This community string has read-write access to the "mibiisa" extensible agent. With access to the "mibiisa" extensible agent, an attacker could execute arbitrary commands with root privileges, manipulate system parameters, and kill processes.

* Platforms Affected:
Sun Solaris 2.6 and earlier

* References:
http://online.securityfocus.com/bid/177
http://www.iss.net/security_center/static/1385.php
Recommendation
Sun recommends that you disable SEA on vulnerable systems until SEA 1.0.3 is installed.

To determine if your system is using SEA, use pkginfo on one of the following SEA packages: SUNWmibii, SUNWsacom, SUNWsadmi, SUNWsasnm. For example, on SEA 1.0 and 1.0.1, a pkginfo on SUNWmibii will display as follows:

% pkginfo SUNWmibii
system SUNWmibii Solstice Enterprise Agent SNMP daemon

On SEA 1.0.2:

% pkginfo SUNWmibii
system SUNWmibii Solstice Enterprise Agents 1.0.2 SNMP daemon
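
The version check described above can be scripted. The following is an added example, not part of the original advisory or Sun's tooling; the helper names classify_sea and version_lt are hypothetical, and it assumes fixed releases print their version in the same position as the 1.0.2 line shown.

```shell
#!/bin/sh
# Added example: classify `pkginfo` output for the SEA packages named above.
FIXED=1.0.3   # first fixed SEA release per the recommendation

# version_lt A B: succeed when dotted version A (x.y.z) is lower than B.
version_lt() {
    old_ifs=$IFS; IFS=.
    set -- $1 $2          # split both versions into six numeric fields
    IFS=$old_ifs
    [ "$1" -lt "$4" ] && return 0; [ "$1" -gt "$4" ] && return 1
    [ "$2" -lt "$5" ] && return 0; [ "$2" -gt "$5" ] && return 1
    [ "$3" -lt "$6" ]
}

# classify_sea LINE: print a verdict for one line of pkginfo output.
classify_sea() {
    case $1 in
        *"Solstice Enterprise Agent"*) ;;
        *) echo "unrecognized"; return 0 ;;   # not an SEA description line
    esac
    # Extract an x.y.z version if the description carries one.
    ver=$(printf '%s \n' "$1" |
          sed -n 's/.* \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\) .*/\1/p')
    if [ -z "$ver" ]; then
        # SEA 1.0 and 1.0.1 print no version number at all.
        echo "vulnerable (SEA 1.0 or 1.0.1)"
    elif version_lt "$ver" "$FIXED"; then
        echo "vulnerable (SEA $ver)"
    else
        # Assumption: fixed releases report their version like 1.0.2 does.
        echo "fixed (SEA $ver)"
    fi
}

if [ "$(uname -s)" = SunOS ]; then
    # On a Solaris host: check each SEA package listed in the advisory.
    for pkg in SUNWmibii SUNWsacom SUNWsadmi SUNWsasnm; do
        line=$(pkginfo "$pkg" 2>/dev/null) || { echo "$pkg: not installed"; continue; }
        echo "$pkg: $(classify_sea "$line")"
    done
else
    # Elsewhere: run against the two sample lines quoted on this page.
    classify_sea "system SUNWmibii Solstice Enterprise Agent SNMP daemon"
    classify_sea "system SUNWmibii Solstice Enterprise Agents 1.0.2 SNMP daemon"
fi
```

A "vulnerable" verdict means the host should have SEA disabled, upgraded or patched as described below.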

To disable Solstice Enterprise Agent (SEA), perform the following steps:

% su
Password:
# /etc/init.d/init.snmpdx stop
# mv /etc/rc3.d/S76snmpdx /etc/rc3.d/DISABLED_S76snmpdx

-- OR --

Upgrade to the latest version of Solstice Enterprise Agent (1.0.3 or later), available from the Solstice Enterprise Agents Web site, http://www.sun.com/solstice/products/ent.agents/

-- OR --

Apply the appropriate patch for your system. The vendor patches are listed below:

Sun Solaris 2.4_x86:
Sun Solaris 2.4:
Sun Solaris 2.5_x86:
Sun Solaris 2.5.1_x86:
Sun Solaris 2.5.1:
Sun Solaris 2.6_x86:

Sun Patch 106600-02

Sun Solaris 2.6:

Sun Patch 106037-05

To access these patches, visit:
http://sunsolve.sun.com/securitypatch
Related URL CVE-1999-0186 (CVE)