Bugtraq mailing list archives
Re: ATMSNMPD Vulnerable but not Addressed
From: "Emre Yildirim" <emre.yildirim () us army mil>
Date: Mon, 13 May 2002 13:01:25 -0500 (CDT)
ATMSNMPD vulnerable???? Yep! I am challenging anyone out there to find information on line stating that Sun's ATMSNMPD is vulnerable to attack. As of today May 13 2002 there is no information identifying this fact. If you are running SunATM 4.0 or 5.0 and have not added the patches below you are vulnerable to attack. Is there sun documentation identifying the vulnerability and the urgent need to implement the patch? As of today there is not.
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fpatches%2F107915&zone_32=107915http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fpatches%2F109039&zone_32=109039-09 The patch description doesn't mention what type of vulnerability other than "atmsnmpd crashes due to improper handling of malicious SNMPv1 request PDUs" This is the first time I heard about it myself. Sun should have mentioned this problem in an official security advisory. The patches are also not listed under http://sunsolve.sun.com/pub-cgi/show.pl?target=patches/xos-8&nav=pub-patches which is the "Recommended & Security Patches for Solaris" page. Why is it not on there? I have no clue. I guess it is not a security issue or it isnt a recommended patch. Cheers Emre Yildirim emre () uab edu | emre.yildirim () us army mil
Current thread:
- ATMSNMPD Vulnerable but not Addressed Ross Coppage (May 13)
- Re: ATMSNMPD Vulnerable but not Addressed Emre Yildirim (May 13)
- <Possible follow-ups>
- ATMSNMPD Vulnerable but not Addressed Coppage, Ross (May 13)