Code: p295 Severity: Warning
Description: In the UNIX, Desktop Management Interface (DMI) and SNMP are two remote management protocols which coordinate the work. Sun Microsystems create a SNMPxDMID (/ usr / lib / dmi / snmpXdmid) mapping daemon process to connect these two protocols. This SNMP daemon process transfer request to the DMI, overflow problem happened in the buffer when dealing with ??INDICATION????. Local and remote attack take advantage of this vulnerability to get administrator privileges. Impact: All versions before Solaris 8 sun4u Corrective: 1) Rename / etc / rc?. D / S?? Dmi for / etc / rc? .d/K07dmi, and then execute command: /etc/init.d/init.dmi stop 2) Insurance purposes can change their user privileges: chmod 000 /usr/lib/dmi/snmpXdmid
|
