Bugtraq mailing list archives

Re: ATMSNMPD Vulnerable but not Addressed

From: "Emre Yildirim" <emre.yildirim () us army mil>
Date: Mon, 13 May 2002 13:01:25 -0500 (CDT)

ATMSNMPD vulnerable???? Yep! I am challenging anyone out
there to find information on line stating that Sun's
ATMSNMPD is vulnerable to attack.  As of today May 13 2002
there is no information identifying this fact.  If you are
running SunATM 4.0 or 5.0 and have not added the patches
below you are vulnerable to attack.  Is there sun
documentation identifying the vulnerability and the urgent
need to implement the patch?  As of today there is not.


http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fpatches%2F107915&zone_32=107915http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fpatches%2F109039&zone_32=109039-09
The patch description doesn't mention what type of vulnerability other than
"atmsnmpd crashes due to improper handling of malicious SNMPv1 request PDUs"
This is the first time I heard about it myself.  Sun should have mentioned
this problem in an official security advisory.  The patches are also not
listed under
http://sunsolve.sun.com/pub-cgi/show.pl?target=patches/xos-8&nav=pub-patches
 which is the "Recommended & Security Patches for Solaris" page.  Why is it
not on there?  I have no clue.  I guess it is not a security issue or it
isnt a recommended patch.

Cheers

Emre Yildirim
emre () uab edu | emre.yildirim () us army mil

Current thread:

ATMSNMPD Vulnerable but not Addressed Ross Coppage (May 13)
- Re: ATMSNMPD Vulnerable but not Addressed Emre Yildirim (May 13)
- <Possible follow-ups>
- ATMSNMPD Vulnerable but not Addressed Coppage, Ross (May 13)