In association with heise online

07 August 2008, 10:13

Sun's snoop dogged by a buffer overflow

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Sun Microsystems has released two security alerts for Solaris. One of the alerts affects Solaris 8, 9 and 10 and OpenSolaris, and closes a hole in the snoop network utility, which is normally used to monitor packets on the network. The other covers Solaris 10 and OpenSolaris and involves a way for an unprivileged user to crash the system.

It appears that when the snoop utility is run without the "-o" option, which directs snoop's output to a file, it is possible to craft a malicious packet that can trigger a bug allowing arbitrary commands to be run as the user running snoop. The problem is slightly mitigated by the fact that snoop, when run as root, changes its effective user to "nobody", but that is the only user for which snoop changes effective user id. The problem is related to snoop's displaying of SMB traffic according to the Sun alert for this issue.

The other issue affects Solaris 10 and OpenSolaris only. In this case a local unprivileged user or application can manipulate the pthread_mutex_reltimedlock_np in such a way as to cause the system to hang or panic. The Sun alert in this case notes there are no workarounds and directs the user to install one of two patches or update their OpenSolaris to a build later than snv_90.

(djwm)

Print Version | Send by email | Permalink: http://h-online.com/-736785
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit