Note: This is an archival copy of Security Sun Alert 262908 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1020685.1.
Solaris 10 Operating System
Date of Workaround Release
Date of Resolved Release
Security Vulnerability in the SNMP daemon (snmpd(1M)) May Lead to a Denial of Service (DoS) Condition
A heap-based buffer overflow security vulnerability in the System Management Agent (SMA) SNMP daemon (snmpd(1M)) that ships with Solaris may allow a local or remote unprivileged user to crash the snmpd daemon via a specially crafted SNMP GETBULK request. This is a type of Denial of Service (DoS).
The issue is as described in the following documents:
CVE-2008-4309 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4309
CVE-2009-1887 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1887
2. Contributing Factors
This issue can occur in the following releases:
1. Solaris 8 and Solaris 9 do not ship with the Net-SNMP software and therefore are not impacted by this issue.
2. The Solaris 10 patches which address this vulnerability do not increment the version of Net-SNMP. The version of Net-SNMP supplied with the patches will still be reported as 5.0.9.
3. This issue only affects systems which have the SUNWsmagt package installed and sma service enabled.
To determine if the SUNWsmagt package is installed on the system, the following command can be run:
$ pkginfo -l SUNWsmagt
To determine if sma service is enabled on the machine, the following command can be run:
$ svcs svc:/application/management/sma:default
4. OpenSolaris distributions may include additional bug fixes above and beyond the build from which it was derived. The base build can be derived as follows:
$ uname -v
3. Symptoms
There are no predictable symptoms that would indicate the described issue has occurred.
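The two checks from Contributing Factors note 3 (SUNWsmagt installed and sma enabled) can be combined into one verdict. The script below is an added example, not part of the original Sun Alert. The function names and verdict strings are hypothetical, the sample command output is constructed, and it assumes a POSIX shell (on Solaris 10, ksh or /usr/xpg4/bin/sh rather than the legacy /bin/sh).

```shell
#!/bin/sh
# Added example: evaluates Contributing Factors note 3 from the two commands' output.
SMA_FMRI='svc:/application/management/sma:default'

# pkg_installed TEXT: true if `pkginfo -l` output carries an installed STATUS line.
pkg_installed() {
    case "$1" in
        *STATUS:*installed*) return 0 ;;
        *) return 1 ;;
    esac
}

# sma_state TEXT: print the STATE column for the sma instance from `svcs` output.
# A trailing "*" (instance in transition) is stripped.
sma_state() {
    printf '%s\n' "$1" | while read -r state stime fmri; do
        if [ "$fmri" = "$SMA_FMRI" ]; then
            printf '%s\n' "${state%\*}"
            break
        fi
    done
}

# assess PKGINFO_TEXT SVCS_TEXT: print a verdict. Any state other than "disabled"
# (online, offline, maintenance, ...) counts as enabled. "precondition-met" only
# means note 3 applies; patch status is not checked (the fix still reports 5.0.9).
assess() {
    pkg_installed "$1" || { echo "not-affected:package-absent"; return 0; }
    state=$(sma_state "$2")
    case "$state" in
        "")       echo "unknown:sma-not-listed" ;;
        disabled) echo "not-affected:sma-disabled" ;;
        *)        echo "precondition-met:sma-$state" ;;
    esac
}

# Constructed sample output, used when the Solaris tools are not on PATH.
SAMPLE_PKG='   PKGINST:  SUNWsmagt
    STATUS:  completely installed'
SAMPLE_SVCS='STATE          STIME    FMRI
online         Jul_08   svc:/application/management/sma:default'

if command -v pkginfo >/dev/null 2>&1 && command -v svcs >/dev/null 2>&1; then
    assess "$(pkginfo -l SUNWsmagt 2>/dev/null)" "$(svcs "$SMA_FMRI" 2>/dev/null)"
else
    assess "$SAMPLE_PKG" "$SAMPLE_SVCS"
fi
```

Because the patched Net-SNMP still reports version 5.0.9, a "precondition-met" result has to be followed by a check of the installed patches rather than of the agent's version string.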
There is no workaround for this issue. Please see the Resolution section below.
This issue is addressed in the following releases:
Copyright 2000-2009 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.
08-Jul-2009: Updated Workaround for IDRs
08-Sep-2009: Updated Contributing Factors and Resolution sections; now Resolved