Sun recently announced the release of patches for Solaris 7, 2.6, 2.5.1, 2.5, 2.4, and 2.3 (SunOS 5.7, 5.6, 5.5.1, 5.5, 5.4 and 5.3), which relate to a vulnerability with snoop.
Sun recommends that you install the patches immediately on systems running SunOS 5.7, 5.6, 5.5.1, 5.5, 5.4, and 5.3.
Snoop captures packets from the network and displays their contents. A buffer overflow vulnerability has been discovered in this application, and it may be exploited by a remote attacker to execute arbitrary instructions and gain root access. The buffer overflow occurs when snoop analyzes certain types of large requests to the rquotad rpc service (note that this also makes a nice anti-sniffing technique. See our article: Detecting sniffers on your network).
