OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Jay D. Dyson (jdysontreachery.net)
Date: Thu Aug 30 2001 - 18:12:19 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Courtesy of Sun Microsystems.

    Patches for snmpXdmid. (Solaris 2.6 through 8)

    ---------- Forwarded message ----------
    Date: Thu, 30 Aug 2001 16:06:00 PDT
    From: "securesunsc.eng.sun.com"
         <body_-19735124358989501hermes.java.sun.com>
    To: jdysontechreports.jpl.nasa.gov
    Subject: Sun Security Bulletin #00207

    -----BEGIN PGP SIGNED MESSAGE-----

    ________________________________________________________________________________
                        Sun Microsystems, Inc. Security Bulletin

    Bulletin Number: #00207
    Date: August 30, 2001
    Cross-Ref: CERT Advisory CA-2001-05
    Title: snmpXdmid
    ________________________________________________________________________________

    The information contained in this Security Bulletin is provided "AS IS."
    Sun makes no warranties of any kind whatsoever with respect to the information
    contained in this Security Bulletin. ALL EXPRESS OR IMPLIED CONDITIONS,
    REPRESENTATIONS AND WARRANTIES, INCLUDING ANY WARRANTY OF NON-INFRINGEMENT OR
    IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, ARE
    HEREBY DISCLAIMED AND EXCLUDED TO THE EXTENT ALLOWED BY APPLICABLE LAW.

    IN NO EVENT WILL SUN MICROSYSTEMS, INC. BE LIABLE FOR ANY LOST REVENUE,
    PROFIT OR DATA, OR FOR DIRECT, SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL
    OR PUNITIVE DAMAGES HOWEVER CAUSED AND REGARDLESS OF ANY THEORY OF LIABILITY
    ARISING OUT OF THE USE OF OR INABILITY TO USE THE INFORMATION CONTAINED IN
    THIS SECURITY BULLETIN, EVEN IF SUN MICROSYSTEMS, INC. HAS BEEN ADVISED OF
    THE POSSIBILITY OF SUCH DAMAGES.

    If any of the above provisions are held to be in violation of applicable law,
    void, or unenforceable in any jurisdiction, then such provisions are waived
    to the extent necessary for this disclaimer to be otherwise enforceable in
    such jurisdiction.
    ________________________________________________________________________________

    1. Bulletins Topics

        Sun announces the release of patches for Solaris(tm) 8, 7, and
        2.6 (SunOS(tm) 5.8, 5.7, and 5.6) which relate to an snmpXdmid
        vulnerability reported in CERT CA-2001-05.

        Sun recommends that you install the patches listed in section 4
        immediately on systems running SunOS 5.8, 5.7, and 5.6 which
        use snmpXdmid.

    2. Who is Affected

        Vulnerable: SunOS 5.8, 5.8_x86, 5.7, 5.7_x86, 5.6,
                                   5.6_x86

    3. Understanding the Vulnerability

        The snmpXdmid utility is a subagent in the Solstice Enterprise
        Agent Desktop Management Interface package. It maps Simple
        Network Management Protocol (SNMP) requests forwarded by the
        Master Agent (snmpdx(1M)) into one or more equivalent Desktop
        Management Interface (DMI) requests and vice-versa. The
        snmpXdmid subagent runs as a daemon with root privileges on
        the system. snmpXdmid contains a buffer overflow in the code
        for translating DMI indications to SNMP events. This buffer
        overflow is exploitable by local or remote intruders to gain
        root privileges.

        The issue was discovered by Job de Haas (jobitsx.com) of ITSX BV
        Amsterdam, The Netherlands (http://www.itsx.com).

        CERT Advisory CA-2001-05 is available from:

        http://www.cert.org/advisories/CA-2001-05.html

    4. List of Patches

        The following patches are available in relation to the above problem.

        OS Version Patch ID
        __________ _________
        SunOS 5.8 108869-07
        SunOS 5.8_x86 108870-07
        SunOS 5.7 107709-15
        SunOS 5.7_x86 107710-15
        SunOS 5.6 106787-15
        SunOS 5.6_x86 106872-15
    _______________________________________________________________________________
    Sun acknowledges with thanks, Job de Haas (jobitsx.com) of ITSX BV
    Amsterdam, The Netherlands (http://www.itsx.com), for bringing this issue
    to our attention.
    _______________________________________________________________________________

    APPENDICES

    A. Patches listed in this bulletin are available to all Sun customers at:

        http://sunsolve.sun.com/securitypatch

    B. Checksums for the patches listed in this bulletin are available at:

        ftp://sunsolve.sun.com/pub/patches/CHECKSUMS

    C. Sun security bulletins are available at:

        http://sunsolve.sun.com/security

    D. Sun Security Coordination Team's PGP key is available at:

        http://sunsolve.sun.com/pgpkey.txt

    E. To report or inquire about a security problem with Sun software, contact
        one or more of the following:

            - Your local Sun answer centers
            - Your representative computer security response team, such as CERT
            - Sun Security Coordination Team. Send email to:

            security-alertsun.com

    F. To receive information or subscribe to our CWS (Customer Warning System)
        mailing list, send email to:

            security-alertsun.com

        with a subject line (not body) containing one of the following commands:

            Command Information Returned/Action Taken
            _______ _________________________________

            help An explanation of how to get information

            key Sun Security Coordination Team's PGP key

            list A list of current security topics

            query [topic] The email is treated as an inquiry and is forwarded to
                            the Security Coordination Team

            report [topic] The email is treated as a security report and is
                            forwarded to the Security Coordination Team. Please
                            encrypt sensitive mail using Sun Security Coordination
                            Team's PGP key

            send topic A short status summary or bulletin. For example, to
                            retrieve a Security Bulletin #00138, supply the
                            following in the subject line (not body):

                                    send #138

            subscribe Sender is added to our mailing list. To subscribe,
                            supply the following in the subject line (not body):

                                    subscribe cws your-email-address

                            Note that your-email-address should be substituted
                            by your email address.

            unsubscribe Sender is removed from the CWS mailing list.
    ________________________________________________________________________________

    Copyright 2000 Sun Microsystems, Inc. All rights reserved. Sun,
    Sun Microsystems, Solaris and SunOS are trademarks or registered trademarks
    of Sun Microsystems, Inc. in the United States and other countries. This
    Security Bulletin may be reproduced and distributed, provided that this
    Security Bulletin is not modified in any way and is attributed to
    Sun Microsystems, Inc. and provided that such reproduction and distribution
    is performed for non-commercial purposes.

    -----BEGIN PGP SIGNATURE-----
    Version: 2.6.2

    iQCVAwUBO46hQ7dzzzOFBFjJAQGvgwQAtlaSsDmaRwEk7Dww+H0V55DW+8++mWOo
    BqwLaOtlvolLT3OVn+Sh4IbXgMRTSVZayMCMzIhzqFNoJxrx0uJOnJet2vRf+rhW
    xTtZnRyUratLVLyBdby7+J4BMS5zF2fRPWnSac39opd5kA6Jcj0HmsYu+BuvkHLH
    bzCDsv260wY=
    =CoJt
    -----END PGP SIGNATURE-----

            To use our one-click unsubscribe facility, select the following URL:
            http://hermes.java.sun.com/unsubscribe?-19735124358989501