Overview
The SNMP proxy agent on certain large Solaris systems contains a buffer overflow. It may be possible, though it is unconfirmed, that an intruder could use this flaw to execute code with root privileges.
Description
The Sun Enterprise 10000 is monitored and controlled by a systems called a System Service Processor (SSP). If two SSPs are in use they are configured as a main and a spare. The snmpd agent on the main SSP, part of the SSPSUNWsspop package, contains a buffer overflow in a variable used to hold argv[0]. The location of the buffer suggests it would be difficult to use this flaw to execute code. |
Impact
The complete impact of this vulnerability is not yet known. In the worst case, it could allow an intruder to execute code with root privileges, but that impact is unconfirmed. Because the overflow occurs in a buffer used to hold argv[0], an intruder cannot use this flaw to crash an existing snmpd. |
Solution
The CERT/CC is currently unaware of a practical solution to this problem. |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
Our thanks to Pablo Sor who originally identified this problem on Bugtraq.
This document was written by Shawn V. Hernan.
Other Information
| CVE IDs: | CVE-2001-0470 |
| Severity Metric: | 0.28 |
| Date Public: | 2001-03-13 |
| Date First Published: | 2001-05-06 |
| Date Last Updated: | 2002-04-02 01:41 UTC |
| Document Revision: | 7 |