A buffer overflow vulnerability exists in the standard Solaris snmpXdmid program where remote root access can be obtained.
Versions 2.6, 7, and 8 of Sun Microsystem's Solaris operating environment ship with service called 'snmpXdmid'. This daemon is used to map SNMP management requests to DMI requests and vice versa.
SnmpXdmid contains a remotely exploitable buffer overflow vulnerability. The overflow occurts when snmpXdmid attempts to translate a 'malicious' DMI request into an SNMP trap.
SnmpXdmid runs with root privileges and any attacker to successfully exploit this vulnerability will gain superuser access immediately.
Sun is aware and fixes are reportedly coming soon.
Job de Haas
For 99% of the cases the daemon can be safely turned off by turning off DMI completely. This can be achieved by renaming /etc/rc?.d/S??dmi to /etc/rc?.d/K07dmi and calling '/etc/init.d/init.dmi stop' (where ? is the appropriate runlevel). It is also wise to remove all permissions from the binary: chmod 000 /usr/lib/dmi/snmpXdmid
Reference(s):