Signature Detail

RPC: Solaris snmpXdmid Buffer Overflow

This signature detects attempts to exploit a known vulnerability against snmpXdmid, the SNMP-to-DMI and DMI-to-SNMP mapper daemon in Solaris. Attackers can send a maliciously crafted DMI request, which the snmpXdmid attempts to translate into an SNMP trap, causing a buffer overflow, and allowing the attacker to execute arbitrary commands.

Extended Description

Versions 2.6, 7, and 8 of Sun Microsystem's Solaris operating environment ship with service called 'snmpXdmid'. This daemon is used to map SNMP management requests to DMI requests and vice versa. SnmpXdmid contains a remotely exploitable buffer overflow vulnerability. The overflow occurs when snmpXdmid attempts to translate a 'malicious' DMI request into an SNMP trap. SnmpXdmid runs with root privileges and any attacker to successfully exploit this vulnerability will gain superuser access immediately.

Affected Products

• Sun Solaris 2.6
• Sun Solaris 2.6_x86
• Sun Solaris 7.0
• Sun Solaris 7.0_x86
• Sun Solaris 8 Sparc
• Sun Solaris 8 X86

References

• BugTraq: 2417
• CERT: CA-2001-05
• CVE: CVE-2001-0236
• URL: http://archives.neohapsis.com/archives/bugtraq/2001-03/0175.html
• URL: http://www.ciac.org/ciac/bulletins/l-065.shtml
• URL: http://www.kb.cert.org/vuls/id/648304