Title: Solaris SSP SNMPD Argument Buffer Overflow Vulnerability
Severity: MODERATE
Description:
Solaris is the Unix Operating System variant distributed and maintained by Sun Microsystems. Solaris is a freely available operating system designed to run on systems of varying size with maximum scalability.
This vulnerability affects software installed on the System Service Processor (SSP) of an E10000 Sun Server. The SSP is a Solaris workstation designed to operate on a private network with the E10000. The SSP is used as the main system administrative point, providing a secure administrative channel to the larger server.
A problem with the SNMP package used on the SSP to monitor the E10000 may allow execution of code and elevation of privileges. The snmpd installed on the system contains a buffer overflow in its handling of the argv[0] variable, which is overflowed with 700 bytes of data. This program is also SUID root.
This vulnerability affects only the SSP. This administrative system is usually on a private network, and not publicly reachable. Additionally, this software is not installed by default, and is normally only installed on the SSP of an E10000. This vulnerability does, however, affect any system with the SUNWsspop package installed.
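The following is an added example, not code from the SSP snmpd or from Sun: it shows the bounded handling of argv[0] that a SUID program needs, because the invoking user chooses the value of argv[0]. The function name safe_progname and the 64-byte buffer size are assumptions made for illustration; the advisory does not give the real buffer size.

```c
#include <stdio.h>
#include <string.h>

#define PROGNAME_MAX 64  /* assumed size; the advisory does not state the real one */

/*
 * Unsafe pattern (hypothetical, shown for contrast only):
 *     char name[PROGNAME_MAX];
 *     strcpy(name, argv[0]);      // no length check on caller-supplied data
 *
 * safe_progname() copies the basename of argv0 into dst only if it fits.
 * Returns 0 on success, -1 if argv0 is NULL, empty, or too long for dst.
 */
int safe_progname(char *dst, size_t dstlen, const char *argv0)
{
    const char *base;
    size_t len;

    if (dst == NULL || dstlen == 0)
        return -1;
    dst[0] = '\0';                  /* leave dst empty on every failure path */
    if (argv0 == NULL || argv0[0] == '\0')
        return -1;                  /* exec callers may pass NULL or "" */

    base = strrchr(argv0, '/');     /* keep only the final path component */
    base = (base != NULL) ? base + 1 : argv0;

    len = strlen(base);
    if (len == 0 || len >= dstlen)
        return -1;                  /* reject instead of truncating silently */

    memcpy(dst, base, len + 1);     /* len + 1 copies the terminating NUL */
    return 0;
}

int main(int argc, char **argv)
{
    char name[PROGNAME_MAX];

    if (safe_progname(name, sizeof name, argc > 0 ? argv[0] : NULL) != 0) {
        fprintf(stderr, "refusing to start: invalid argv[0]\n");
        return 1;
    }
    printf("program name: %s\n", name);
    return 0;
}
```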
Affected Products:
- Sun Solaris 8