SNMP Daemon for SGI IRIX Operating System Has Buffer Overflow That May Let Remote Users Execute Arbitrary Code with Root Level Privileges
SecurityTracker Alert ID: 1003971|
SecurityTracker URL: http://securitytracker.com/id/1003971
(Links to External Site)
Date: Apr 4 2002
Execution of arbitrary code via network, Root access via network|
Fix Available: Yes Vendor Confirmed: Yes |
A buffer overflow vulnerability has been reported in the Simple Network Management Protocol (SNMP) daemon in the SGI IRIX operating system. A remote user may be able to execute arbitrary code on the server with root privileges.|
Internet Security Systems (ISS) X-Force reported that a remote user can submit a specially-crafted SNMP request to trigger the buffer overflow and execute arbitrary code or commands on the target system.
No further details were provided.
A remote user may be able to execute arbitrary code on the server with root level privileges.|
SGI recommends either upgrading to IRIX 6.5.16 when it is released, or installing the appropriate patch (4574).|
SGI Security Patches can be found at:
##### Patch File Checksums ####
The actual patch will be a tar file containing the following files:
Algorithm #1 (sum -r): 32921 8 README.patch.4574
Algorithm #2 (sum): 33173 8 README.patch.4574
MD5 checksum: ABACE618AEEB06053114146999153104
Algorithm #1 (sum -r): 23776 2 patchSG0004574
Algorithm #2 (sum): 37321 2 patchSG0004574
MD5 checksum: 7F3BAE0B10561D2F7B1D4B6351D1A171
Algorithm #1 (sum -r): 59133 996 patchSG0004574.eoe_sw
Algorithm #2 (sum): 25189 996 patchSG0004574.eoe_sw
MD5 checksum: ECDEF7ABBC54F5C85A0B17C5170D4956
Algorithm #1 (sum -r): 19557 3 patchSG0004574.idb
Algorithm #2 (sum): 25632 3 patchSG0004574.idb
MD5 checksum: 32F03B249CC8756B0897F22F7FD9A8EB
Vendor URL: www.sgi.com/support/security/advisories.html (Links to External Site)
|Underlying OS: UNIX (SGI/IRIX)|
|Underlying OS Comments: SGI IRIX, prior to 6.5.15m and 6.5.15f|
Source Message Contents
Subject: ISSalert: ISS Advisory: Remote Buffer Overflow Vulnerability in IRIX SNMP Daemon|
TO UNSUBSCRIBE: email "unsubscribe alert" in the body of your message to
firstname.lastname@example.org Contact email@example.com for help with any problems!
-----BEGIN PGP SIGNED MESSAGE-----
Internet Security Systems Security Advisory
April 3, 2002
Remote Buffer Overflow Vulnerability in IRIX SNMP Daemon
Internet Security Systems (ISS) X-Force has discovered a buffer overflow
in the SNMP (Simple Network Management Protocol) daemon in the SGI IRIX
operating system. The SNMP daemon, or snmpd executable, runs with
superuser privilege. The buffer overflow vulnerability in snmpd may
allow remote attackers to execute arbitrary commands on a target system
with elevated privileges.
SGI IRIX 6.5-6.5.15m and 6.5.15f
Note: Versions prior to version 6.5 may be vulnerable, but these
versions are no longer supported by SGI.
SNMP is a widely used protocol used to remotely manage computers,
networking devices, and applications. Many popular operating systems
also contain SNMP functionality so computers can be managed over the
network. SNMP is a lightweight, extensible protocol designed to
facilitate remote management of devices. Most commonly, SNMP is used to
performance, if it is operational, or the general health of the device.
A vulnerability exists in the SGI IRIX implementation of snmpd that may
allow remote attackers to submit a specially-crafted SNMP request to
cause a buffer overflow fault. This condition may be exploited to
execute arbitrary code or commands on the target system.
The SNMP daemon is enabled by default on the IRIX operating system and
is executed during the start-up sequence by the root user. The SNMP
daemon accepts remote queries by default.
ISS X-Force encourages affected users to apply vendor-supplied patches
immediately. SGI has made patch 4574 available to remove the
vulnerability described in this advisory. The SGI Software Product
Knowledge Database is available at the following address:
To limit access to SNMP at the firewall, filter port 1161 and 161
UDP/TCP. Consider disabling the SNMP daemon completely if it is not
ISS X-Force will provide specific detection and assessment support for
this vulnerability in upcoming X-Press Updates for RealSecure Network
Sensor and Internet Scanner. ISS will also provide detection support in
an upcoming signature update for BlackICE products.
The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CAN-2002-0017 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org), which standardizes names for
This vulnerability was discovered and researched by Kris Hunt of the ISS
About Internet Security Systems (ISS)
Founded in 1994, Internet Security Systems (ISS) (Nasdaq: ISSX) is a
pioneer and world leader in software and services that protect critical
online resources from an ever-changing spectrum of threats and misuse.
Internet Security Systems is headquartered in Atlanta, GA, with
additional operations throughout the Americas, Asia, Australia, Europe
and the Middle East.
Copyright (c) 2002 Internet Security Systems, Inc. All rights reserved
Permission is hereby granted for the electronic redistribution of this
document. It is not to be edited or altered in any way without the
express written consent of the Internet Security Systems X-Force. If you
wish to reprint the whole or any part of this document in any other
medium excluding electronic media, please email firstname.lastname@example.org for
Disclaimer: The information within this paper may change without notice.
Use of this information constitutes acceptance for use in an AS IS
condition. There are NO warranties, implied or otherwise, with regard to
this information or its use. Any use of this information is at the
user's risk. In no event shall the author/distributor (Internet Security
Systems X-Force) be held liable for any damages whatsoever arising out
of or in connection with the use or spread of this information.
X-Force PGP Key available on MIT's PGP key server and PGP.com's key
server, as well as at http://www.iss.net/security_center/sensitive.php
Please send suggestions, updates, and comments to: X-Force
email@example.com of Internet Security Systems, Inc.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----