Note: This is an archival copy of Security Sun Alert 200549 as previously published on http://sunsolve.sun.com.
The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000417.1.
4563124, 4642557, 4630596
Date of Resolved Release
With Solstice X.25, unprivileged local or remote users may be able to kill the snmpx25d daemon due to the mishandling of SNMP requests. This would cause a denial of service for utilities or users attempting to access this daemon.
Also, unprivileged local or remote users may be able to gain unauthorized root access due to a buffer overflow in the snmpx25d daemon.
2. Contributing Factors
This issue can occur in the following releases:
To determine if X25 is installed and which version, run the following command:
% pkginfo -l SUNWx25a | grep VERSION
If the VERSION string is returned (along with the corresponding version), the system has Solstice X.25 installed. If nothing is returned, then X25 is not installed.
The snmpx25d daemon may exit, resulting in the creation of a file named "core" in the root (/) directory (if X.25 is started at system boot), or in the directory from which X.25 was manually started.
Some relief from the buffer overflow is available by enabling non-executable user stacks. Although this does not provide 100 percent protection against exploitation of this vulnerability, it makes the likelihood of a successful exploit much smaller. This workaround is only effective on sun4u, sun4m, and sun4d architectures (enter "uname -m" to display a system's architecture).
Note: This workaround will not work on x86 platforms.
To enable non-executable program stacks, add the following lines to the "/etc/system" file and reboot the system:
set noexec_user_stack = 1
set noexec_user_stack_log = 1
The above tunable parameters are described in the "Solaris Tunable Parameters Reference Manual" at http://docs.sun.com.
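To confirm that the workaround described above is actually in place on a host, the check can be scripted. The following is an added example, not part of the original Sun Alert: the function names and status strings are hypothetical, and it assumes `/etc/system` comment lines begin with `*` and that the last entry for a tunable is the one to report.

```shell
# Succeed only for the architectures the advisory lists for the workaround.
arch_supported() {
    case "$1" in
        sun4u|sun4m|sun4d) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the value assigned to tunable $2 in the /etc/system-style file $1.
# Lines starting with '*' are comments. Assumption: when a tunable is set
# more than once, the last entry is the one reported.
system_param_value() {
    awk -v name="$2" '
        /^[ \t]*\*/ { next }
        {
            line = $0
            gsub(/[ \t]+/, "", line)    # "set x = 1" becomes "setx=1"
            if (index(line, "set" name "=") == 1)
                val = substr(line, length(name) + 5)
        }
        END { if (val != "") print val }
    ' "$1"
}

# Print the workaround state for config file $1 on architecture $2.
workaround_status() {
    arch_supported "$2" || { echo "unsupported-arch"; return 0; }
    stack=$(system_param_value "$1" noexec_user_stack)
    log=$(system_param_value "$1" noexec_user_stack_log)
    if [ "$stack" != "1" ]; then echo "not-enabled"
    elif [ "$log" != "1" ]; then echo "enabled-no-log"
    else echo "enabled"
    fi
}

# Constructed sample file (not taken from a real host): logging is commented out.
write_sample() {
    cat > "$1" <<'EOF'
* constructed sample /etc/system
set noexec_user_stack = 1
* set noexec_user_stack_log = 1
EOF
}

sample=$(mktemp)
write_sample "$sample"
echo "sun4u: $(workaround_status "$sample" sun4u)"
echo "i86pc: $(workaround_status "$sample" i86pc)"
rm -f "$sample"
```

On a real system, call `workaround_status /etc/system "$(uname -m)"`; the settings only take effect after the reboot the advisory calls for.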
This issue is addressed in the following releases:
Copyright 2000-2010 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.
Solstice X.25 9.2