The Solaris 'snoop(1M)' network utility is prone to multiple remote vulnerabilities, including: - Multiple stack-based buffer-overflow vulnerabilities - Multiple format-string vulnerabilities Exploiting these issues will allow attackers to execute arbitrary code with the privileges of the 'nobody' user. These issues may also be exploited to capture network traffic that is visible to the network interface. Since the 'snoop(1M)' utility handles segmentation faults, repeated exploit attempts are also possible. These issues affect the following versions for SPARC and x86 platforms: Solaris 10 Solaris 9 Solaris 8 OpenSolaris builds snv_01 to snv_95 Sun Solaris 9_x86 Sun Solaris 9 Sun Solaris 8_x86 Sun Solaris 8 Sun Solaris 10_x86 Sun Solaris 10 Sun OpenSolaris build snv_95 Sun OpenSolaris build snv_92 Sun OpenSolaris build snv_91 Sun OpenSolaris build snv_89 Sun OpenSolaris build snv_88 Sun OpenSolaris build snv_64 Sun OpenSolaris build snv_22 Sun OpenSolaris build snv_19 Sun...
The Solaris 'snoop(1M)' network utility is prone to multiple remote vulnerabilities, including: - Multiple stack-based buffer-overflow vulnerabilities - Multiple format-string vulnerabilities Exploiting these issues will allow attackers to execute arbitrary code with the privileges of the 'nobody' user. These issues may also be exploited to capture network traffic that is visible to the network interface. Since the 'snoop(1M)' utility handles segmentation faults, repeated exploit attempts are also possible. These issues affect the following versions for SPARC and x86 platforms: Solaris 10 Solaris 9 Solaris 8 OpenSolaris builds snv_01 to snv_95 Sun Solaris 9_x86 Sun Solaris 9 Sun Solaris 8_x86 Sun Solaris 8 Sun Solaris 10_x86 Sun Solaris 10 Sun OpenSolaris build snv_95 Sun OpenSolaris build snv_92 Sun OpenSolaris build snv_91 Sun OpenSolaris build snv_89 Sun OpenSolaris build snv_88 Sun OpenSolaris build snv_64 Sun OpenSolaris build snv_22 Sun OpenSolaris build snv_19 Sun OpenSolaris build snv_13 Sun OpenSolaris build snv_02 Sun OpenSolaris build snv_01 Avaya Interactive Response 3.0 Avaya Interactive Response 2.0 Avaya CMS Server 13.0 Avaya CMS Server 14.1 Avaya CMS Server 14.0 Avaya CMS Server 13.1 厂商已经发布了修正。请参阅参考资料以获取更多信息。
