SNMP_Sun

 

Code: p80

Severity: Critical

 

Description: A hidden community string is hard-coded into the Solaris 2.6 SNMP implementation. This community string has read-write access to the "mibiisa" extensible agent.

Impact: Several vulnerabilities, when used together, may allow a remote attacker to execute commands as root. System parameters that are normally accessible only to the superuser can also be viewed and modified remotely from any machine. Attackers do not necessarily need local access to exploit this vulnerability.

Corrective: Obtain the 2.6 patch from Sun Microsystems: http://sunsolve.sun.com/pub-cgi/show.pl?target=patches/patch-access. Disable SNMP or apply the patch.