[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[irix-security] IRIX hpsnmpd vulnerability

To: irix-security@sfu.ca
Subject: [irix-security] IRIX hpsnmpd vulnerability
From: Martin Siegert <siegert@sfu.ca>
Date: Wed, 5 Jun 2002 19:38:49 -0700
User-Agent: Mutt/1.2.5.1i

Topic
=====
Bugs in the hpsnmpd daemon may lead to a remote root exploit.

Problem Descritption
====================
The IRIX /usr/etc/hpsnmpd, when used with a public
read-only community, can be made to dump core when running the publicly
available "PROTOS Test-Suite: c06-snmpv1" regression tests, see:

  http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/

(this is the same vulnerability that was reported for the snmpd daemon).
These vulnerabilities may be exploited by a remote user, and no local
account is required.


Affected Systems
================
The hpsnmp daemon is not installed by default, it is part of the
snmpd.sw.hp package and can be optionally installed.

In order to check to see if this package is installed, run the following
command:

  # versions | grep snmpd.sw.hp

If the output of the above command looks like either of the following, then
the daemon is installed and the system is vulnerable:

  I  snmpd.sw.hp          03/14/2001  SNMP Sub-agent for HP-UX MIB 1.1.2

  I  snmpd.sw.hp          03/14/2001  SNMP Sub-agent for HP-UX MIB 1.1.3

If the installed version is 1.1.2, then you must first upgrade to version
1.1.3 and then you can install the patch.

If the installed version is older than 1.1.2, it won't work on IRIX 6.5 and
should be uninstalled.

Workaround
==========

The only workaround for these problems is to uninstall the product using the
following commands:

  # versions remove snmpd.sw.hp

Solution
========
Install patch 4544. For Irix 6.5.x, x < 10, upgrade to Irix 6.5.y, y > 9,
first.

   OS Version     Vulnerable?
   ----------     -----------
   IRIX 6.5          yes
   IRIX 6.5.1        yes
   IRIX 6.5.2        yes
   IRIX 6.5.3        yes
   IRIX 6.5.4        yes
   IRIX 6.5.5        yes
   IRIX 6.5.6        yes
   IRIX 6.5.7        yes
   IRIX 6.5.8        yes
   IRIX 6.5.9        yes
   IRIX 6.5.10       yes          4544         Notes 2 & 3
   IRIX 6.5.11       yes          4544         Notes 2 & 3
   IRIX 6.5.12       yes          4544         Notes 2 & 3
   IRIX 6.5.13       yes          4544         Notes 2 & 3
   IRIX 6.5.14       yes          4544         Notes 2 & 3
   IRIX 6.5.15       yes          4544         Notes 2 & 3
   IRIX 6.5.16       yes          4544         Notes 2 & 3

Remarks
=======
Patch 4544 can be found at
http://www.sfu.ca/acs/security/irix/irix-patches.html

Please note that if you have "SNMP Sub-agent for HP-UX MIB 1.1.2"
installed, you must upgrade it to version 1.1.3 prior to installing
the patch.

Prev by Date: [irix-security] IRIX cron daemon vulnerability
Next by Date: [irix-security] IRIX syslogd vulnerability
Prev by thread: [irix-security] IRIX syslogd vulnerability
Next by thread: [irix-security] IRIX cron daemon vulnerability
Index(es):
- Date
- Thread