SecurityTracker.com
SecurityTracker Archives

Category: Application (Generic) > SNMP Daemon
Vendors: [Multiple Authors/Vendors]
(Sun Issues Fix for E10K SSP Server) Re: Many Simple Network Management Protocol (SNMP) Implementations Allow Remote Users to Deny Service or Obtain Access to the System
SecurityTracker Alert ID:  1004273
SecurityTracker URL:  http://securitytracker.com/id/1004273
CVE Reference:   CVE-2002-0012, CVE-2002-0013
Date:  May 10 2002
Impact:   Denial of service via network, Execution of arbitrary code via network, Root access via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): SSP 3.3, 3.4, 3.5
Description:   CERT reported that the University of Oulu (Finland) has discovered vulnerabilities in many vendor implementations of the Simple Network Management Protocol (SNMP) version 1.

The Oulu University Secure Programming Group (OUSPG, http://www.ee.oulu.fi/research/ouspg/) reports that there are numerous vulnerabilities in SNMPv1 implementations from many different vendors. A remote user can reportedly cause denial of service conditions or gain elevated privileges on the system. The extent of the vulnerabilities depends on the specific vendor implementation. The reported flaws include denial-of-service conditions, format string vulnerabilities, and buffer overflows.

Sun reports that SSP machines are vulnerable.

Impact:   A remote user may be able to cause denial of service conditions or may be able to obtain elevated privileges on the system.
Solution:   The vendor has issued the following fix:

SPARC

SSP 3.3 (for Solaris 2.6, 7, 8) with patch 110947-02 or later
SSP 3.4 (for Solaris 2.6, 7, 8) with patch 110948-04 or later
SSP 3.5 (for Solaris 7 and 8) with patch 112190-02 or later
Notes: Earlier versions of SSP will require an upgrade of the SSP software to a later release with the appropriate patch mentioned above.

Documentation and details for upgrading SSP are available from:

http://www.sun.com/servers/highend/10000/features/ssp.html
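The patch list above (repeated in section 5 of the Sun Alert below) can be checked against a host's installed patches. The following POSIX shell script is an added example; it is not part of the SecurityTracker entry or of Sun's alert. It parses `showrev -p` output, which on Solaris lists installed patches as `Patch: BASE-REV ...`, and accepts any revision at or above the one the advisory names, since a later revision of a patch supersedes the earlier one. The patch IDs are the advisory's; the sample `showrev` lines, the `SUNWxxxx` package names and the `999999-01` filler patch are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the SecurityTracker page or from Sun: check whether
# the minimum patch revision the advisory lists for an SSP release is present
# in `showrev -p` output.  Patch IDs are the advisory's; every showrev line
# below is constructed sample data, not output captured from a real SSP.

# Minimum patch for each SSP release, as listed in the Solution section.
required_patch() {
  case "$1" in
    3.3) echo "110947-02" ;;
    3.4) echo "110948-04" ;;
    3.5) echo "112190-02" ;;
    *)   return 1 ;;   # earlier SSP releases: no patch, upgrade required
  esac
}

# ssp_patched <ssp-release>   (reads `showrev -p` output on stdin)
# A Solaris patch ID is BASE-REV; any REV at or above the listed one counts,
# because later revisions of a patch supersede earlier ones.
# Returns 0 when patched, 1 when not, 2 when the release has no patch at all.
ssp_patched() {
  req=$(required_patch "$1") || {
    echo "unsupported SSP release $1: upgrade SSP, then apply the listed patch"
    return 2
  }
  base=${req%-*}
  minrev=${req#*-}
  best=""
  # showrev -p lines look like (package name is a placeholder):
  # Patch: 110947-02 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWxxxx
  while read -r line; do
    case "$line" in
      "Patch: $base-"*) ;;
      *) continue ;;
    esac
    rev=${line#"Patch: $base-"}   # strip "Patch: BASE-", leaving "REV ..."
    rev=${rev%% *}                # keep only REV
    if [ -z "$best" ] || [ "$rev" -gt "$best" ]; then
      best=$rev                   # remember the highest installed revision
    fi
  done
  if [ -n "$best" ] && [ "$best" -ge "$minrev" ]; then
    echo "SSP $1: patched ($base-$best satisfies $req)"
    return 0
  fi
  echo "SSP $1: NOT patched (need $req, found ${best:-none})"
  return 1
}

# Constructed sample: an SSP 3.3 host carrying revision -03 of 110947,
# which is later than the -02 the advisory requires.
sample_showrev_ssp33() {
  cat <<'EOF'
Patch: 110947-03 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWxxxx
Patch: 999999-01 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWxxxx
EOF
}

# Constructed sample: an SSP 3.4 host with only revision -03 of 110948,
# one short of the required -04.
sample_showrev_ssp34() {
  cat <<'EOF'
Patch: 110948-03 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWxxxx
EOF
}

demo() {
  sample_showrev_ssp33 | ssp_patched 3.3
  sample_showrev_ssp34 | ssp_patched 3.4 || true
  sample_showrev_ssp34 | ssp_patched 3.2 || true
}
demo
```

On a real SSP the sample functions are replaced by the live command, e.g. `showrev -p | ssp_patched 3.4` for the release actually installed. A host on an SSP release older than 3.3 never passes this check, which matches the advisory: no patch exists for those releases, only an upgrade path.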

Cause:   Access control error, Boundary error, Input validation error
Underlying OS:  UNIX (Solaris - SunOS)
Underlying OS Comments:  2.6, 7, 8

Message History:   This archive entry is a follow-up to the message listed below.
Feb 12 2002 Many Simple Network Management Protocol (SNMP) Implementations Allow Remote Users to Deny Service or Obtain Access to the System



Source Message Contents

Subject:  Sun Alert 43985



DOCUMENT ID: 43985
SYNOPSIS: Buffer Overflow in snmpd(1M) and edd(1M) may Allow Unauthorized Remote Access to E10K SSP Server
DETAIL DESCRIPTION:
Sun(sm) Alert Notification
Sun Alert ID: 43985

Synopsis: Buffer Overflow in snmpd(1M) and edd(1M) may Allow Unauthorized Remote Access to E10K SSP Server

Category: Security 

Product: Systems, Enterprise 10000 Server SSP (System Service Processor) 
BugIDs: 4643692, 4648503, 4425460 
Avoidance: Patch 

State: Resolved 
Date Released: 17-Apr-2002 
Date Closed: 17-Apr-2002 
Date Modified: 
1. Impact 
Unprivileged remote users may be able to gain unauthorized access to an
SSP machine due to a buffer overflow in snmpd(1M) and edd(1M).

This issue is described in the CERT Vulnerability VU#854306 (see
http://www.kb.cert.org/vuls/id/854306) and CERT Vulnerability VU#107186
(see http://www.kb.cert.org/vuls/id/107186) which are referenced in
CA-2002-03 (see http://www.cert.org/advisories/CA-2002-03.html). 


2. Contributing Factors 
This issue can occur in the following releases: 

SPARC 

SSP 3.3 (for Solaris 2.6, 7, 8) without patch 110947-02 
SSP 3.4 (for Solaris 2.6, 7, 8) without patch 110948-04 
SSP 3.5 (for Solaris 7 and 8) without patch 112190-02 
Note: Earlier versions of the SSP are affected. This is strictly an
issue on the SSP and there is no domain side component to this issue. 

3. Symptoms 
There are no symptoms that would show the described problem has been
exploited to gain unauthorized access to an SSP machine. 



SOLUTION SUMMARY: 
4. Relief/Workaround 
Place SSP systems on a private network. 


5. Resolution 
This issue is addressed in the following releases: 

SPARC 

SSP 3.3 (for Solaris 2.6, 7, 8) with patch 110947-02 or later 
SSP 3.4 (for Solaris 2.6, 7, 8) with patch 110948-04 or later 
SSP 3.5 (for Solaris 7 and 8) with patch 112190-02 or later 
Notes: Earlier versions of SSP will require an upgrade of the SSP
software to a later release with the appropriate patch mentioned above. 

Documentation and details for upgrading SSP are available from: 


http://www.sun.com/servers/highend/10000/features/ssp.html


This Sun Alert notification is being provided to you on an "AS IS"
basis. Sun makes no representations, warranties, or guaranties as to the
quality, suitability, truth, accuracy or completeness of any of the
information contained herein. This Sun Alert notification may contain
information provided by third parties. ANY AND ALL WARRANTIES, EXPRESS
OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE HEREBY
DISCLAIMED. The issues described in this Sun Alert notification may or
may not impact your system(s). 

BY ACCESSING THIS DOCUMENT YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE
LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL
DAMAGES THAT ARISE OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION
CONTAINED HEREIN. 

This Sun Alert notification contains Sun proprietary and confidential
information. It is being provided to you pursuant to the provisions of
your Confidential Disclosure Agreement or the confidentiality provisions
of your agreement to purchase services from Sun. In the event that you
do not have one of the above-referenced agreements with Sun, this
information is provided pursuant to the confidentiality provisions of
the Sun.com Terms of Use. This Sun Alert notification may only be used
for the purposes contemplated by these agreements. 

Copyright 2001, 2002 Sun Microsystems, Inc., 901 San Antonio Road, Palo
Alto, CA 94303 U.S.A. All rights reserved.

Copyright 2021, SecurityGlobal.net LLC