Solaris snmpXdmid Buffer Overflow Vulnerability

Versions 2.6, 7, and 8 of Sun Microsystem's Solaris operating environment ship with service called 'snmpXdmid'. This daemon is used to map SNMP management requests to DMI requests and vice versa.

SnmpXdmid contains a remotely exploitable buffer overflow vulnerability. The overflow occurs when snmpXdmid attempts to translate a 'malicious' DMI request into an SNMP trap.

SnmpXdmid runs with root privileges and any attacker to successfully exploit this vulnerability will gain superuser access immediately.


 

Privacy Statement
Copyright 2010, SecurityFocus