Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: X-Force (xforceiss.net)
Date: Wed Apr 03 2002 - 15:01:11 CST
-----BEGIN PGP SIGNED MESSAGE-----
Internet Security Systems Security Advisory
April 3, 2002
Remote Buffer Overflow Vulnerability in IRIX SNMP Daemon
Internet Security Systems (ISS) X-Force has discovered a buffer overflow
in the SNMP (Simple Network Management Protocol) daemon in the SGI IRIX
operating system. The SNMP daemon, or snmpd executable, runs with
superuser privilege. The buffer overflow vulnerability in snmpd may
allow remote attackers to execute arbitrary commands on a target system
with elevated privileges.
SGI IRIX 6.5-6.5.15m and 6.5.15f
Note: Versions prior to version 6.5 may be vulnerable, but these
versions are no longer supported by SGI.
SNMP is a widely used protocol used to remotely manage computers,
networking devices, and applications. Many popular operating systems
also contain SNMP functionality so computers can be managed over the
network. SNMP is a lightweight, extensible protocol designed to
facilitate remote management of devices. Most commonly, SNMP is used to
monitor parameters of managed devices, such as determining a device’s
performance, if it is operational, or the general health of the device.
A vulnerability exists in the SGI IRIX implementation of snmpd that may
allow remote attackers to submit a specially-crafted SNMP request to
cause a buffer overflow fault. This condition may be exploited to
execute arbitrary code or commands on the target system.
The SNMP daemon is enabled by default on the IRIX operating system and
is executed during the start-up sequence by the root user. The SNMP
daemon accepts remote queries by default.
ISS X-Force encourages affected users to apply vendor-supplied patches
immediately. SGI has made patch 4574 available to remove the
vulnerability described in this advisory. The SGI Software Product
Knowledge Database is available at the following address:
To limit access to SNMP at the firewall, filter port 1161 and 161
UDP/TCP. Consider disabling the SNMP daemon completely if it is not
ISS X-Force will provide specific detection and assessment support for
this vulnerability in upcoming X-Press Updates for RealSecure Network
Sensor and Internet Scanner. ISS will also provide detection support in
an upcoming signature update for BlackICE products.
The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CAN-2002-0017 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org), which standardizes names for
This vulnerability was discovered and researched by Kris Hunt of the ISS
About Internet Security Systems (ISS)
Founded in 1994, Internet Security Systems (ISS) (Nasdaq: ISSX) is a
pioneer and world leader in software and services that protect critical
online resources from an ever-changing spectrum of threats and misuse.
Internet Security Systems is headquartered in Atlanta, GA, with
additional operations throughout the Americas, Asia, Australia, Europe
and the Middle East.
Copyright (c) 2002 Internet Security Systems, Inc. All rights reserved
Permission is hereby granted for the electronic redistribution of this
document. It is not to be edited or altered in any way without the
express written consent of the Internet Security Systems X-Force. If you
wish to reprint the whole or any part of this document in any other
medium excluding electronic media, please email xforceiss.net for
Disclaimer: The information within this paper may change without notice.
Use of this information constitutes acceptance for use in an AS IS
condition. There are NO warranties, implied or otherwise, with regard to
this information or its use. Any use of this information is at the
user's risk. In no event shall the author/distributor (Internet Security
Systems X-Force) be held liable for any damages whatsoever arising out
of or in connection with the use or spread of this information.
X-Force PGP Key available on MIT's PGP key server and PGP.com's key
server, as well as at http://www.iss.net/security_center/sensitive.php
Please send suggestions, updates, and comments to: X-Force
xforceiss.net of Internet Security Systems, Inc.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----