snmpXdmid buffer overflow

Added: 03/12/2007
CVE: CVE-2001-0236
BID: 2417
OSVDB: 546

Background

The SNMP to DMI mapper daemon (snmpXdmid) translates Simple Network Management Protocol (SNMP) events to Desktop Management Interface (DMI) indications and vice-versa.

Problem

snmpXdmid is affected by a buffer overflow vulnerability when a specially crafted indication event is translated into an SNMP trap. This could allow a remote attacker to execute arbitrary commands.

Resolution

Apply one of the patches referenced in Sun Bulletin 00207 or disable snmpXdmid as shown in CERT Advisory 2001-05.

References

http://www.cert.org/advisories/CA-2001-05.html

Limitations

There may be a delay before this exploit succeeds.

Platforms

SunOS 5.7 / Solaris 7
SunOS 5.8 / Solaris 8

Back to exploit index