Note: This is an archival copy of Security Sun Alert 201266 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000949.1.
Solaris 10 Operating System
Date of Workaround Release
Date of Resolved Release
When the System Management Agent (SMA) SNMP daemon (snmpd(1M)) is running in "master agentx" mode, a security vulnerability may allow a local or remote unprivileged user to create a Denial of Service (DoS) condition by causing a particular TCP disconnect.
This issue is described in the following document:
CVE-2005-4837 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4837
This issue can occur in the following releases:
This issue only affects systems which have the SUNWsmagt package installed and AgentX enabled. To determine if the SUNWsmagt package is installed on the system, the following command can be run:
$ pkginfo -l SUNWsmagt
PKGINST: SUNWsmagt
NAME: System Management Agent files and libraries
CATEGORY: system
VERSION: 1.0,REV=2005.01.08.05.16
To confirm the version of Net-SNMP installed on the system, the following command can be run:
$ /usr/sfw/sbin/snmpd -v
NET-SNMP version: 5.0.9
Web: http://www.net-snmp.org/
Email: email@example.com
If the version reported is 5.0.9 or earlier and the above patch is not installed, then the described issue may occur.
By default, AgentX support is turned off. This issue will only occur if AgentX support is enabled explicitly. To determine if AgentX support is enabled, the following command can be run (as 'root'):
# grep agentx /etc/sma/snmp/snmpd.conf
master agentx
The above output indicates AgentX support is enabled and snmpd(1M) is vulnerable. If the above command produces no output, then snmpd(1M) is not vulnerable.
Should the described issue occur, snmpd(1M) will core dump.
To work around the described issue, disable AgentX support by commenting out the "master agentx" entry in the "/etc/sma/snmp/snmpd.conf" file, as in the following example:
then restart SMA with the following command:
# /etc/init.d/init.sma restart
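The grep check shown earlier also matches a commented-out "#master agentx" line, so it still produces output after the workaround is applied. The following added example (not part of the original Sun Alert) reports AgentX as enabled only when an uncommented "master agentx" directive is present; the function names agentx_enabled and agentx_status and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the Sun Alert. The function names and the sample
# configuration files are constructed for illustration.

# Exit status 0: an active (uncommented) "master agentx" directive exists.
# Exit status 1: no active directive. Exit status 2: file not readable.
agentx_enabled() {
    conf=${1:-/etc/sma/snmp/snmpd.conf}
    [ -r "$conf" ] || return 2
    # awk splits fields on blanks and tabs, so "#master agentx" and
    # "# master agentx" never yield $1 == "master".
    awk '$1 == "master" && $2 == "agentx" { found = 1 }
         END { exit !found }' "$conf"
}

# Print a one-line verdict for the given snmpd.conf.
agentx_status() {
    rc=0
    agentx_enabled "$1" || rc=$?
    case $rc in
        0) echo "master agentx active" ;;
        1) echo "master agentx not active" ;;
        *) echo "cannot read configuration file" ;;
    esac
}

# Demo on constructed files: before and after the workaround.
demo_dir=$(mktemp -d) || exit 1
printf 'syslocation lab\nmaster agentx\n'  > "$demo_dir/before.conf"
printf 'syslocation lab\n#master agentx\n' > "$demo_dir/after.conf"
agentx_status "$demo_dir/before.conf"
agentx_status "$demo_dir/after.conf"
rm -rf "$demo_dir"
```

Calling agentx_status with no argument checks /etc/sma/snmp/snmpd.conf.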
This issue is addressed in the following releases: