printer_version

Solaris snmpXdmid Vulnerability


Summary

A buffer overflow vulnerability exists in the standard Solaris snmpXdmid program where remote root access can be obtained. The following is derived from the BugTraq advisory

The problem

Versions 2.6, 7, and 8 of Sun Microsystem's Solaris operating environment ship with service called 'snmpXdmid'. This daemon is used to map SNMP management requests to DMI requests and vice versa.

SnmpXdmid contains a remotely exploitable buffer overflow vulnerability. The overflow occurts when snmpXdmid attempts to translate a 'malicious' DMI request into an SNMP trap.

SnmpXdmid runs with root privileges and any attacker to successfully exploit this vulnerability will gain superuser access immediately.

Fix

Sun is aware and fixes are reportedly coming soon.

Job de Haas provided the following workaround in his advisory:

Reference(s):