Bugtraqmailing list archives
Re: ATMSNMPD Vulnerable but not Addressed
From: "Emre Yildirim" <emre.yildirim () us army mil>
Date: Mon, 13 May 2002 13:01:25 -0500 (CDT)
ATMSNMPD vulnerable???? Yep! I am challenging anyone outthere to find information on line stating that Sun'sATMSNMPD is vulnerable to attack. As of today May 13 2002there is no information identifying this fact. If you arerunning SunATM 4.0 or 5.0 and have not added the patchesbelow you are vulnerable to attack. Is there sundocumentation identifying the vulnerability and the urgentneed to implement the patch? As of today there is not.
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fpatches%2F107915&zone_32=107915http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fpatches%2F109039&zone_32=109039-09The patch description doesn't mention what type of vulnerability other than"atmsnmpd crashes due to improper handling of malicious SNMPv1 request PDUs"This is the first time I heard about it myself. Sun should have mentionedthis problem in an official security advisory. The patches are also notlisted underhttp://sunsolve.sun.com/pub-cgi/show.pl?target=patches/xos-8&nav=pub-patches which is the "Recommended & Security Patches for Solaris" page. Why is itnot on there? I have no clue. I guess it is not a security issue or itisnt a recommended patch.CheersEmre Yildirimemre () uab edu | emre.yildirim () us army mil
Current thread:
- ATMSNMPD Vulnerable but not AddressedRoss Coppage (May 13)
- Re: ATMSNMPD Vulnerable but not AddressedEmre Yildirim (May 13)
- <Possible follow-ups>
- ATMSNMPD Vulnerable but not AddressedCoppage, Ross (May 13)