| VID |
20023 |
| Severity |
40 |
| Port |
|
| Protocol |
UDP |
| Class |
SNMP |
| Detailed Description |
The Solaris 'mibiisa' and 'snmpdx' daemons may have remotely exploitable vulnerabilities. An unchecked buffer in the Sun SNMP Agent (mibiisa) can be overrun and remotely exploited, allowing an attacker to execute arbitrary code with root privileges. There is also a format string vulnerability in the Sun Solstice Enterprise Master Agent (snmpdx) that can be exploited, allowing an attacker to execute arbitrary code with root privileges. The buffer overflow occurs in the MIB parsing component, and the format string vulnerability occurs in the logging component of snmpdx, which is installed by default with the Solaris Operating System. Exploiting these vulnerabilities would give an attacker complete control of the attacked server.
* Note: This check does not perform an actual test to assess this vulnerability, so this finding might be a false positive.
* References: http://www.entercept.com/news/uspr/06-03-02.asp, http://marc.theaimsgroup.com/?l=bugtraq&m=102321107714554&w=2
* Platforms Affected: Solaris 2.6, Solaris 7, Solaris 8, SunOS 5.6, SunOS 5.7, SunOS 5.8 |
| Recommendation |
Apply the appropriate patch for your system, as listed in Sun Microsystems, Inc. Security Bulletin #00219, http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/219&type=0&nav=sec.sba |
| Related URL |
CVE-2002-0796,CVE-2002-0797 (CVE) |
| Related URL |
4932,4933 (SecurityFocus) |
| Related URL |
9241,9242 (ISS) |
|