Entercept Security Advisory/SEA SNMP - Buffer Overflow and Format String Vulnerabilities in Sun Solaris Discovered by Entercept Security.
SAN JOSE, Calif.--(BUSINESS WIRE)--June 4, 2002
Entercept Security Technologies
Scope:
An unchecked buffer in a component of Sun's Solaris Operating System can be overrun and remotely exploited, allowing an attacker to execute arbitrary code with root privileges. There is also a format string vulnerability in the same component that can cause the same damage. Both of these vulnerabilities exist in the SNMP components snmpdx and mibiisa, which are installed by default with the Solaris Operating System. Exploiting these vulnerabilities would give an attacker complete control of the attacked server.

Versions Affected:
SunOS 5.8, 5.8_x86, 5.7, 5.7_x86, 5.6, 5.6_x86

The vulnerabilities were discovered by Sinan Eren of Entercept's Ricochet Team. Entercept Security Technologies worked closely with the Sun Security team while they developed a patch. For additional details, read Sun's Security Bulletin #00219:

http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/219&type=0&nav=sec.sbl&ttl=sec.sbl

(Due to the length of this URL, it may be necessary to copy and paste this hyperlink into your Internet browser's URL address field.)

What is a Buffer Overflow Exploit?
Most application programs have fixed-size buffers that hold data. If an attacker sends too much data into one of these buffers and the program does not check the size of the data, the buffer overflows. The server may then execute the data that 'overflowed' as if it were a program. If the exploitable buffer exists in a privileged process, a malicious program could then take full control of the server and do any number of things, including executing commands on the victim machine, stealing passwords or other confidential information, altering system configurations and/or installing backdoors.

What is a Format String Exploit?
A format string vulnerability exists if a user can manipulate the format specification passed to a basic C function, such as printf, fprintf, or sprintf.
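The two definitions above, shown as an added C example that is not taken from the advisory or from Sun's code: a hypothetical routine that stores a received text field in a fixed-size buffer, written once with the field used as the format specification and once with a constant format and an explicit size check. The function names, buffer size and sample input are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 32  /* hypothetical fixed-size buffer */

/* Weak form: the received text is passed as the format specification,
 * so any '%' sequence in it is interpreted by snprintf. Diagnostics are
 * silenced only so this "before" version compiles without warnings. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
static int record_field_weak(char *dst, size_t dstsz, const char *field)
{
    return snprintf(dst, dstsz, field);
}
#pragma GCC diagnostic pop

/* Hardened form: constant format, size-checked copy. Returns 0 on
 * success, -1 if the field is missing or does not fit; on failure the
 * buffer is left empty rather than holding a truncated value. */
static int record_field_safe(char *dst, size_t dstsz, const char *field)
{
    int n;

    if (dst == NULL || dstsz == 0 || field == NULL)
        return -1;
    n = snprintf(dst, dstsz, "%s", field);
    if (n < 0 || (size_t)n >= dstsz) {
        dst[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char buf[FIELD_MAX];
    const char *sample = "load 100%% ok";   /* constructed input */

    record_field_weak(buf, sizeof buf, sample);
    printf("weak: [%s]\n", buf);            /* "%%" was interpreted */
    if (record_field_safe(buf, sizeof buf, sample) == 0)
        printf("safe: [%s]\n", buf);        /* stored byte for byte */
    return 0;
}
```

Building with `-Wformat -Wformat-security` (and without the pragmas) makes the compiler flag the weak call, which is a quick way to find this pattern in existing C code.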
Format string vulnerabilities represent a significant threat for servers and commercial applications. Format string vulnerabilities can be used to locally or remotely execute arbitrary code on a system.

The manufacturer's patch for these vulnerabilities is available and can be downloaded on their Web site: http://sunsolve.sun.com/securitypatch

Entercept's(TM) Protection
Entercept's(TM) patented protection against buffer overflow and format string exploits prevents the execution of arbitrary code as a result of a buffer overflow or a format string attack. Entercept would prevent attack code from being executed as a result of a buffer overrun or format string condition due to these vulnerabilities, protecting the integrity of the server. Additionally, it is important to note that Entercept provides this protection without any signature or code updates.

How Entercept's Protection Works:
Entercept examines system calls before the OS executes them. Entercept's patented protection can determine whether the code to be executed came from a regular application program or from an overflowed buffer. If the code came from a writable buffer, Entercept blocks it. If it came from a regular application, Entercept allows it to be executed.

Recommendations:
In order to best counter this threat, Entercept recommends following its Security Best Practices, including:

1. Install Sun's SNMP Server patch(es) as appropriate.
2. Deploy Entercept on all critical Solaris servers. This will prevent the buffer overflow or format string attacks from being exploited, and protect the systems' integrity.

DISCLAIMER STATEMENT:
The information in this bulletin is provided by Entercept Security Technologies, Inc. ("Entercept") and is intended to provide information on a particular security issue or incident. Given that each exploitation technique is unique, Entercept makes no claim to prevent any specific exploit related to the vulnerability discussed in this bulletin. Entercept expressly disclaims any and all warranties with respect to the information provided in this bulletin, express or implied or otherwise, including, but not limited to, warranty of fitness for a particular purpose. Under no circumstances may this information be used to exploit vulnerabilities in any other environment.

About Entercept Security Technologies
Entercept Security Technologies is the proven leader in intrusion prevention software. Based on patented technology, Entercept safeguards the entire server by preventing known and unknown malicious attacks. Unlike other security solutions, Entercept uses a combination of behavioral rules and signatures to proactively prevent attacks rather than merely detecting and reporting them after they occur. Strategic partners include Cisco, Check Point, Foundstone and other leading companies. Entercept has received numerous awards and industry recognition, including Network Magazine's 2001 & 2002 Product of the Year, Fortune Small Business Magazine's '65 Big Ideas List', SC Magazine's 'Best Pick of the Year 2000 and 2001', InfoWorld magazine's 'Business Impact of the Year Award', and InfoWorld magazine's Readers Choice 'Security Product of the Year'.

www.entercept.com

The information provided is identified, assessed and measured by the Entercept Ricochet(TM) security research team, a leading group of security experts dedicated to collecting and evaluating intelligence against server threats.

About Entercept Ricochet(TM)
Entercept's Ricochet Team is a specialized group of security researchers dedicated to identifying, assessing, and evaluating intelligence regarding server threats. The Ricochet Team researches current and future avenues of attack and builds this knowledge into Entercept's intrusion prevention solution. Ricochet is dedicated to providing critical, viable security content via security advisories and technical briefs. This content is designed to educate organizations and security professionals about the nature and severity of Internet security threats, vulnerabilities and exploits.

Note to Editors: Entercept and the Entercept logo are trademarks of Entercept Security Technologies. All other trademarks, trade names or service marks are the property of their respective owners.