Note: This is an archival copy of Security Sun Alert 200549 as previously published on http://sunsolve.sun.com. The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000417.1.
Category: Security
Release Phase: Resolved
4563124, 4642557, 4630596
Date of Resolved Release: 22-OCT-2003

With Solstice X.25 ...

1. Impact

With Solstice X.25, unprivileged local or remote users may be able to kill the snmpx25d daemon due to the mishandling of SNMP requests. This would cause a denial of service for utilities or users attempting to access this daemon.

Also, unprivileged local or remote users may be able to gain unauthorized root access due to a buffer overflow in the snmpx25d daemon.

This issue is described in the CERT Vulnerability VU#854306 at http://www.kb.cert.org/vuls/id/854306 which is referenced in CA-2002-03 at http://www.cert.org/advisories/CA-2002-03.html.

2. Contributing Factors

This issue can occur in the following releases:

SPARC Platform
x86 Platform
To determine if X25 is installed and which version, run the following command:

    % pkginfo -l SUNWx25a | grep VERSION

If the VERSION string is returned (along with the corresponding version), the system has Solstice X.25 installed. If nothing is returned, then X25 is not installed.

3. Symptoms

The snmpx25d daemon may exit, resulting in the creation of a file named "core" in the root (/) directory (if X.25 is started at system boot), or in the directory from which X.25 was manually started.

4. Workaround

Some relief to the buffer overflow is available by enabling non-executable user stacks (although this does not provide 100 percent protection against exploitation of this vulnerability, it makes the likelihood of a successful exploit much smaller). This workaround is only effective on sun4u, sun4m, and sun4d architectures (enter "uname -m" to display a system's architecture).

Note: This workaround will not work on x86 platforms.

To enable non-executable program stacks, add the following lines to the "/etc/system" file and reboot the system:

    set noexec_user_stack = 1
    set noexec_user_stack_log = 1

The above tunable parameters are described in the "Solaris Tunable Parameters Reference Manual" at http://docs.sun.com.

5. Resolution

This issue is addressed in the following releases:

SPARC Platform
x86 Platform
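
The workaround in section 4 can be verified with a small audit script. The following is an added example, not part of the Sun Alert: it checks whether both tunables are set in a given copy of "/etc/system" and whether the architecture is one the advisory lists. The function names and status words are chosen for this example.

```shell
#!/bin/sh
# Added audit example, not part of the Sun Alert. The file path and the
# architecture string are parameters so a copy of /etc/system can be checked.

# tunable_value FILE NAME: print the value assigned by "set NAME = VALUE".
# Lines starting with '*' are /etc/system comments and are skipped.
# Assumption: if a tunable is set more than once, the last line wins.
tunable_value() {
    awk -v name="$2" '
        /^[ \t]*\*/ { next }
        $1 == "set" {
            line = $0
            sub(/^[ \t]*set[ \t]+/, "", line)
            gsub(/[ \t]/, "", line)
            n = index(line, "=")
            if (n && substr(line, 1, n - 1) == name) val = substr(line, n + 1)
        }
        END { if (val != "") print val }
    ' "$1"
}

# workaround_applies ARCH: succeed only for the architectures the advisory
# lists as benefiting from non-executable user stacks ("uname -m" output).
workaround_applies() {
    case "$1" in
        sun4u|sun4m|sun4d) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_noexec FILE ARCH: print one status word (names chosen for this example).
audit_noexec() {
    workaround_applies "$2" || { echo "not-applicable"; return 0; }
    stack=$(tunable_value "$1" noexec_user_stack)
    log=$(tunable_value "$1" noexec_user_stack_log)
    if [ "$stack" = "1" ] && [ "$log" = "1" ]; then
        echo "enabled"
    elif [ "$stack" = "1" ]; then
        echo "enabled-no-log"
    else
        echo "missing"
    fi
}

# On the host itself: audit_noexec /etc/system "$(uname -m)"
```

The script needs a POSIX awk; on Solaris releases of this era that means nawk or /usr/xpg4/bin/awk, since /usr/bin/awk lacks the -v option. It reads the file only, so an "enabled" result reflects the running kernel only after the reboot the advisory calls for.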
This Sun Alert notification is being provided to you on an "AS IS" basis. This Sun Alert notification may contain information provided by third parties. The issues described in this Sun Alert notification may or may not impact your system(s). Sun makes no representations, warranties, or guarantees as to the information contained herein. ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN.

This Sun Alert notification contains Sun proprietary and confidential information. It is being provided to you pursuant to the provisions of your agreement to purchase services from Sun, or, if you do not have such an agreement, the Sun.com Terms of Use. This Sun Alert notification may only be used for the purposes contemplated by these agreements.

Copyright 2000-2010 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.

Product: Solstice X.25 9.2
References: 105084-17 108669-06 105188-17 108670-06
Attachments: This solution has no attachment