SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   SNMP Daemon Vendors:   SGI (Silicon Graphics)
SNMP Daemon for SGI IRIX Operating System Has Buffer Overflow That May Let Remote Users Execute Arbitrary Code with Root Level Privileges
SecurityTracker Alert ID:  1003971
SecurityTracker URL:  http://securitytracker.com/id/1003971
CVE Reference:   CVE-2002-0017   (Links to External Site)
Date:  Apr 4 2002
Impact:   Execution of arbitrary code via network, Root access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A buffer overflow vulnerability has been reported in the Simple Network Management Protocol (SNMP) daemon in the SGI IRIX operating system. A remote user may be able to execute arbitrary code on the server with root privileges.

Internet Security Systems (ISS) X-Force reported that a remote user can submit a specially-crafted SNMP request to trigger the buffer overflow and execute arbitrary code or commands on the target system.

No further details were provided.

Impact:   A remote user may be able to execute arbitrary code on the server with root level privileges.
Solution:   SGI recommends either upgrading to IRIX 6.5.16 when it is released, or installing the appropriate patch (4574).

SGI Security Patches can be found at:

http://www.sgi.com/support/security/
ftp://patches.sgi.com/support/free/security/patches/

##### Patch File Checksums ####

The actual patch will be a tar file containing the following files:

Filename: README.patch.4574
Algorithm #1 (sum -r): 32921 8 README.patch.4574
Algorithm #2 (sum): 33173 8 README.patch.4574
MD5 checksum: ABACE618AEEB06053114146999153104

Filename: patchSG0004574
Algorithm #1 (sum -r): 23776 2 patchSG0004574
Algorithm #2 (sum): 37321 2 patchSG0004574
MD5 checksum: 7F3BAE0B10561D2F7B1D4B6351D1A171

Filename: patchSG0004574.eoe_sw
Algorithm #1 (sum -r): 59133 996 patchSG0004574.eoe_sw
Algorithm #2 (sum): 25189 996 patchSG0004574.eoe_sw
MD5 checksum: ECDEF7ABBC54F5C85A0B17C5170D4956

Filename: patchSG0004574.idb
Algorithm #1 (sum -r): 19557 3 patchSG0004574.idb
Algorithm #2 (sum): 25632 3 patchSG0004574.idb
MD5 checksum: 32F03B249CC8756B0897F22F7FD9A8EB

Vendor URL:  www.sgi.com/support/security/advisories.html (Links to External Site)
Cause:   Boundary error
Underlying OS:  UNIX (SGI/IRIX)
Underlying OS Comments:  SGI IRIX, prior to 6.5.15m and 6.5.15f

Message History:   None.


 Source Message Contents

Subject:  ISSalert: ISS Advisory: Remote Buffer Overflow Vulnerability in IRIX SNMP Daemon



TO UNSUBSCRIBE: email "unsubscribe alert" in the body of your message to
majordomo@iss.net  Contact alert-owner@iss.net for help with any problems!
---------------------------------------------------------------------------

-----BEGIN PGP SIGNED MESSAGE-----

Internet Security Systems Security Advisory
April 3, 2002

Remote Buffer Overflow Vulnerability in IRIX SNMP Daemon

Synopsis:

Internet Security Systems (ISS) X-Force has discovered a buffer overflow
in the SNMP (Simple Network Management Protocol) daemon in the SGI IRIX
operating system. The SNMP daemon, or snmpd executable, runs with
superuser privilege. The buffer overflow vulnerability in snmpd may
allow remote attackers to execute arbitrary commands on a target system
with elevated privileges.

Affected Versions:

SGI IRIX 6.5-6.5.15m and 6.5.15f

Note: Versions prior to version 6.5 may be vulnerable, but these
versions are no longer supported by SGI.

Description:

SNMP is a widely used protocol used to remotely manage computers,
networking devices, and applications. Many popular operating systems
also contain SNMP functionality so computers can be managed over the
network. SNMP is a lightweight, extensible protocol designed to
facilitate remote management of devices. Most commonly, SNMP is used to
performance, if it is operational, or the general health of the device.

A vulnerability exists in the SGI IRIX implementation of snmpd that may
allow remote attackers to submit a specially-crafted SNMP request to
cause a buffer overflow fault. This condition may be exploited to
execute arbitrary code or commands on the target system.

The SNMP daemon is enabled by default on the IRIX operating system and
is executed during the start-up sequence by the root user. The SNMP
daemon accepts remote queries by default.

Recommendations:

ISS X-Force encourages affected users to apply vendor-supplied patches
immediately. SGI has made patch 4574 available to remove the
vulnerability described in this advisory. The SGI Software Product
Knowledge Database is available at the following address:
http://support.sgi.com/spk/

To limit access to SNMP at the firewall, filter port 1161 and 161
UDP/TCP. Consider disabling the SNMP daemon completely if it is not
being used.

ISS X-Force will provide specific detection and assessment support for
this vulnerability in upcoming X-Press Updates for RealSecure Network
Sensor and Internet Scanner. ISS will also provide detection support in
an upcoming signature update for BlackICE products.

Additional Information:

The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CAN-2002-0017 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org), which standardizes names for
security problems.

Credits:

This vulnerability was discovered and researched by Kris Hunt of the ISS
X-Force.


______

About Internet Security Systems (ISS)
Founded in 1994, Internet Security Systems (ISS) (Nasdaq: ISSX) is a
pioneer and world leader in software and services that protect critical
online resources from an ever-changing spectrum of threats and misuse.
Internet Security Systems is headquartered in Atlanta, GA, with
additional operations throughout the Americas, Asia, Australia, Europe
and the Middle East.

Copyright (c) 2002 Internet Security Systems, Inc. All rights reserved
worldwide.

Permission is hereby granted for the electronic redistribution of this
document. It is not to be edited or altered in any way without the
express written consent of the Internet Security Systems X-Force. If you
wish to reprint the whole or any part of this document in any other
medium excluding electronic media, please email xforce@iss.net for
permission.

Disclaimer: The information within this paper may change without notice.
Use of this information constitutes acceptance for use in an AS IS
condition. There are NO warranties, implied or otherwise, with regard to
this information or its use. Any use of this information is at the
user's risk. In no event shall the author/distributor (Internet Security
Systems X-Force) be held liable for any damages whatsoever arising out
of or in connection with the use or spread of this information.

X-Force PGP Key available on MIT's PGP key server and PGP.com's key
server, as well as at http://www.iss.net/security_center/sensitive.php

Please send suggestions, updates, and comments to: X-Force
xforce@iss.net of Internet Security Systems, Inc.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBPKttZzRfJiV99eG9AQF39gQAiybC/P4HpVOmgB1w02h1WdjU2ms1QkNs
dzXp5MYJaAt3g9OnvTKSRAc+z0ioNlYA0cFWOnTf9oJgzeOK2nnRaDLdaeheFOMD
3dt6hYCzNRYQtMzOUsxX9DA7EgnwldseVC5vEpAUOrfA9VTDd8BaZxG1Ivrj/bEt
AvLsQi0Zg24=
=dK28
-----END PGP SIGNATURE-----


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC