Re: ATMSNMPD Vulnerable but not Addressed
From: Emre Yildirim (emre.yildirim@us.army.mil)Date: 05/13/02
- Previous message: nCipher Support: "nCipher Security Advisory #3: MSCAPI CSP Install Wizard"
- In reply to: Ross Coppage: "ATMSNMPD Vulnerable but not Addressed"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 13 May 2002 13:01:25 -0500 (CDT) From: "Emre Yildirim" <emre.yildirim@us.army.mil> To: <bugtraq@securityfocus.com>
> ATMSNMPD vulnerable???? Yep! I am challenging anyone out
> there to find information on line stating that Sun's
> ATMSNMPD is vulnerable to attack. As of today May 13 2002
> there is no information identifying this fact. If you are
> running SunATM 4.0 or 5.0 and have not added the patches
> below you are vulnerable to attack. Is there sun
> documentation identifying the vulnerability and the urgent
> need to implement the patch? As of today there is not.
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fpatches%2F107915&zone_32=107915http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fpatches%2F109039&zone_32=109039-09
The patch description doesn't mention what type of vulnerability other than
"atmsnmpd crashes due to improper handling of malicious SNMPv1 request PDUs"
This is the first time I heard about it myself. Sun should have mentioned
this problem in an official security advisory. The patches are also not
listed under
http://sunsolve.sun.com/pub-cgi/show.pl?target=patches/xos-8&nav=pub-patches
which is the "Recommended & Security Patches for Solaris" page. Why is it
not on there? I have no clue. I guess it is not a security issue or it
isnt a recommended patch.
Cheers
Emre Yildirim
emre@uab.edu | emre.yildirim@us.army.mil
- Previous message: nCipher Support: "nCipher Security Advisory #3: MSCAPI CSP Install Wizard"
- In reply to: Ross Coppage: "ATMSNMPD Vulnerable but not Addressed"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
