[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[irix-security] IRIX SNMP Vulnerabilities

To: irix-security@sfu.ca
Subject: [irix-security] IRIX SNMP Vulnerabilities
From: Martin Siegert <siegert@sfu.ca>
Date: Wed, 5 Jun 2002 18:58:52 -0700
User-Agent: Mutt/1.2.5.1i

Topic
=====
various vulnerabilities in the IRIX snmpd daemon can lead to remote root
exploit.

Problem Description
===================
The IRIX /usr/etc/snmpd, /usr/etc/peer_encaps, and /usr/etc/peer_snmpd,
when used with a public read-only community, can be made to dump core when
running the publicly available "PROTOS Test-Suite: c06-snmpv1" regression
tests, see:

  http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/

A buffer overflow in snmpd was also reported by Kris Hunt of ISS:
http://www.iss.net/security_center/alerts/advise113.php

These buffer overflows may be exploited by a remote user and no local
access is required.

The above snmp daemons are not installed by default, they are part of the
eoe.sw.netman package and can be optionally installed.

In order to check to see if this package is installed, run the following
command:

  # versions | grep netman

If the output of the above command looks like the following, then the
daemons are installed and the system is vulnerable:

  I  eoe.sw.netman        03/14/2001  Network Management SNMP Support

Workaround
==========
The only workaround for these problems is to uninstall the product using the
following commands:

  # versions remove eoe.sw.netman

SGI recommends either upgrading to IRIX 6.5.16 when it is released, or
installing the appropriate patch from the listing below.

Solution
========
SGI has provided a series of patches for these vulnerabilities. Our
recommendation is to upgrade to IRIX 6.5.16 when available, or install the
appropriate patch.

   OS Version     Vulnerable?     Patch #
   ----------     -----------     -------
   IRIX 6.5          yes          4574  
   IRIX 6.5.1        yes          4574 
   IRIX 6.5.2        yes          4574
   IRIX 6.5.3        yes          4574
   IRIX 6.5.4        yes          4574
   IRIX 6.5.5        yes          4574
   IRIX 6.5.6        yes          4574
   IRIX 6.5.7        yes          4574
   IRIX 6.5.8        yes          4574
   IRIX 6.5.9        yes          4574
   IRIX 6.5.10       yes          4574
   IRIX 6.5.11       yes          4574
   IRIX 6.5.12       yes          4574
   IRIX 6.5.13       yes          4574
   IRIX 6.5.14       yes          4574
   IRIX 6.5.15       yes          4574


Remarks
=======
Patch 4574 can be obtained from
http://www.sfu.ca/acs/security/irix/irix-patches.html

SGI recommends upgrading to IRIX 6.5.16m or 6.5.16f. Patch 4574 can
be found on ftp://patches.sgi.com/support/free/security/patches/ or
http://support.sgi.com/

Prev by Date: [irix-security] IRIX O2 video security flaws
Next by Date: [irix-security] IRIX Mail, mailx, timed and sort vulnerabilities
Prev by thread: [irix-security] IRIX Mail, mailx, timed and sort vulnerabilities
Next by thread: [irix-security] IRIX O2 video security flaws
Index(es):
- Date
- Thread