ATMSNMPD Vulnerable but not Addressed

From: Ross Coppage (coppager@scott.disa.mil)
Date: 05/13/02


Date: 13 May 2002 15:55:22 -0000
From: Ross Coppage <coppager@scott.disa.mil>
To: bugtraq@securityfocus.com


('binary' encoding is not supported, stored as-is)

ATMSNMPD vulnerable???? Yep! I am challenging anyone out
there to find information on line stating that Sun's
ATMSNMPD is vulnerable to attack. As of today May 13 2002
there is no information identifying this fact. If you are
running SunATM 4.0 or 5.0 and have not added the patches
below you are vulnerable to attack. Is there sun
documentation identifying the vulnerability and the urgent
need to implement the patch? As of today there is not.
Sun still has not publicly released this info. Why I don't
know. I had to research the heck out of this to get this
answer. See below for more info.
Patches:
107915-13: SunATM 4.0 Update1: bug fixes
109039-09: SunATM 5.0: bug fixes

(SEE BELOW FOR DETAILS)

-----Original Message-----
From: Dave Ahmad [mailto:da@securityfocus.com]
Sent: Wednesday, May 08, 2002 10:44 AM
To: Coppage, Ross
Subject: Re: Suns ATMSNMPD Vulnerable -Not identified

Hi Ross,

Thanks for the information, but do you have the patch IDs?
Could you
include that in a new message to the list?

Dave Ahmad
SecurityFocus
www.securityfocus.com

On Wed, 8 May 2002, Coppage, Ross wrote:

>
> I have been researching the suns ATMSNMPD which is part
of the Sun ATM card
> installation. Suns recent information addressing SNMP
security issues does
> not mention ATMSNMPD. All CERT advisory and other sites
fail to mention it
> as well. Sun has a patch but does not advertise this as
being vulnerable.
> Unless you happen to apply the ATM patch you are
potentially vulnerable to
> the attack. ATMSNMPD should be included in suns security
documentation
> addressing SNMP. Additionally it should be included in
the IAVA information
> released by the Government. Sun engineers did
acknowledge that it is
> vulnerable and should be patched. If you don't have the
very latest patches
> you are vulnerable. No security information ties the
patch to a
> vulnerability. This needs to be identified and
associated with other recent
> SNMP vulnerabilities. I only found this out after a
couple weeks of
> research. Steven Northcut at SANS.org researched and
also found no information
> associating ATMSNMPD with the recent vulnerabilities.
>
> If you follow (Suns) vendor security guidelines and
alerts you would never
> find out about ATMSNMPDs vulnerability and or necessary
patch. I am sure
> there are countless unpatched, vulnerable ATM cards out
there. This is just
> a friendly heads up.
>
> Regards,
>
> Ross
>
> SNMP Vulnerability links:
> http://www.cert.org/advisories/CA-2002-03.html
> http://www.kb.cert.org/vuls/id/854306
>
>
>
> Ross Coppage, MCSE
> UNIX System Administrator
> International Consultants Inc.
> DISA-CONUS
> (618) 229-8877
> coppager@scott.disa.mil
>
> "No amount of ability is of the slightest avail without
honor."
> Andrew Carnegie
>
>
>

Ross Coppage, MCSE
UNIX System Administrator
International Consultants Inc.
DISA-CONUS
(618) 229-8877
coppager@scott.disa.mil

"No amount of ability is of the slightest avail without
honor."
Andrew Carnegie



Relevant Pages

  • ATMSNMPD Vulnerable but not Addressed
    ... ATMSNMPD Vulnerable but not Addressed ... Sun responded to me acknowledging that they are investigating problems ... The patch description doesn't mention what type of vulnerability other than ...
    (Bugtraq)
  • Re: ATMSNMPD Vulnerable but not Addressed
    ... > ATMSNMPD is vulnerable to attack. ... > below you are vulnerable to attack. ... The patch description doesn't mention what type of vulnerability other than ... which is the "Recommended & Security Patches for Solaris" page. ...
    (Bugtraq)
  • CERT Advisory CA-2002-35 Vulnerability in RaQ 4 Servers
    ... A remotely exploitable vulnerability has been discovered in Sun Cobalt ... Cobalt RaQ 4, please see the COBALT RaQ 4 User Manual. ... Security Hardening Package (SHP) for Cobalt RaQ 4. ...
    (Cert)
  • [UNIX] Integer Overflow in XDR Library
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... distributed as part of the Sun Microsystems XDR library. ... * BSD-derived libraries with XDR/RPC routines ... not listed below or in the vulnerability note, ...
    (Securiteam)
  • Fwd: CERT Advisory CA-2003-10 Integer overflow in Sun RPC XDR library routines
    ... CERT Advisory CA-2003-10 Integer overflow in Sun RPC XDR library routines ... XDR libraries are used to provide ... vulnerability is similar to, but distinct from, VU#192995. ...
    (Bugtraq)