Patch-ID# 107710-24 Keywords: security libssasnmp subagents mibiisa snmpdx swap memleak snmp Synopsis: SunOS 5.7_x86: libssasnmp/libssagent/snmpdx/snmpXdmid/mibiisa Patches Date: Aug/24/2004 Install Requirements: None Solaris Release: 7_x86 SunOS Release: 5.7_x86 Unbundled Product: Unbundled Release: Xref: This patch is available for SPARC as patch 107709 Topic: SunOS 5.7_x86: libssasnmp/libssagent/snmpdx/snmpXdmid/mibiisa Patches NOTE: Refer to Special Install Instructions section for IMPORTANT specific information on this patch. Relevant Architectures: i386 BugId's fixed with this patch: 4080279 4144431 4166235 4171108 4172607 4176076 4178419 4185282 4186361 4189025 4192875 4208419 4218931 4219323 4224859 4224980 4232111 4233051 4237139 4244005 4247714 4248205 4250162 4256473 4259494 4263123 4266410 4268600 4270182 4272418 4281152 4281180 4283027 4283090 4284040 4287389 4289168 4290448 4290450 4299328 4301970 4309416 4330039 4333417 4359519 4361619 4368330 4377219 4382247 4390382 4391717 4392164 4395096 4401120 4402954 4403777 4412996 4414237 4449305 4451002 4451572 4452076 4464887 4489974 4493259 4563124 4639285 4639509 4639515 4639581 4640211 4640230 4643121 4787450 4889976 4935739 4940928 4958796 4959348 5053265 Changes incorporated in this version: 5053265 Patches accumulated and obsoleted by this patch: 106902-02 107446-03 Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: /etc/snmp/conf/snmpd.conf /usr/lib/dmi/dmispd /usr/lib/dmi/snmpXdmid /usr/lib/libdmi.so.1 /usr/lib/libdmici.so.1 /usr/lib/libdmimi.so.1 /usr/lib/libssagent.so.1 /usr/lib/libssasnmp.so.1 /usr/lib/snmp/mibiisa /usr/lib/snmp/snmpdx /usr/sbin/snmp_trapsend /var/snmp/mib/sun.mib Problem Description: 5053265 /var/adm/messages filled due to bad community string (from 107710-23) (Revision respun due to integration issues) (from 107710-22) 4889976 mibiisa unable to send traps to snmpdx 4935739 snmpdx receives the traps with community string "public" 4940928 mibiisa uses enterprise OID as 1.3.6.1.4.1.42.2.1.1 4958796 system services OID is not correct 4959348 master agent doesn't recognize other than "public" in the snmpd.conf (from 107710-21) 4489974 select fails due to invalid timeout parameter 4787450 incorrect response to GETNEXT for multiple instances of a columnar object (from 107710-20) 4643121 support of kstat variable "link_up" for SNMP 4395096 supported traps within SEA 1.0.3 (from 107710-19) 4493259 snmp is not returning correct ifOuterrors 4640230 SNMP relay agent has format/buffer overflow bugs. 4640211 SNMP relay agent may spin pegging CPU 4639581 SNMP relay agent corrupts memory 4639285 mibiisa has a buffer overflow 4639509 mibiisa suffers a memory leak. 4639515 snmp relay agent stops forwarding if mibiisa drops requests. (from 107710-18) 4563124 buffer overflow in snmpdx allows remote root compromise (from 107710-17) (Revision respun due to integration issues and not released.) (from 107710-16) 4449305 SNMP agent returns stale information (from 107710-15) 4452076 ifOperStatus from SEA always gives 2 (ie. down) for virtual interfaces 4464887 fixing the bug 4451572 triggers the error as "/etc/snmp/conf/snmpdx.acl" failed (from 107710-14) 4382247 sun.mib does not comply, this line sun-snmp DEFINITIONS ::= BEGIN needs SUN-SNMP 4451572 SEA 1.0.3: community strings with leading numerals are not working in acl lists 4392164 snmp subagent developed with SDK dying intermittently 4451002 snmpXdmid still core dumps after fix for 4412996 (from 107710-13) 4412996 Buffer overflow in snmpXdmi allows remote root compromise. (from 107710-12) 4402954 ifspeed of logical I/F is mistaken. 4391717 snmp_trapsend command returns ambiguous status when exit() is done (from 107710-11) 4414237 hard coded security strings are clearly visible (from 107710-10) 4403777 regression in Solaris 7 (only) caused by fix for 4390382 (from 107710-09) 4401120 fixes a regression caused by 4368330 4390382 snmp request from an unauthorized manager echos "End of MIB view" (from 107710-08) 4377219 fully qualified names choke when specified in acl lists 4368330 How to avoid the access of managers to agents? 4359519 Authentication trap occur only 6 counts. 4361619 use of an assigned port by SNMPXdmid daemon (S77 dn start up file) 4330039 snmp_trapsend: -c option does not work (from 107710-07) 4333417 varbinds with type TimeTicks are skipped (from 107710-06) 4309416 mibiisa reports incorrect ifOperStatus on network interface 4301970 snmpdx create "defunct process" continuously when use SIMS3.5 on Solaris 7. (from 107710-05) 4299328 snmpXdmid stops sending traps after reboot (from 107710-04) 4080279 SNMP agent never sets ifOperStatus to 'down' on hme interface 4192875 SEA 1.0.3 sdk reports warning: initializer does not fit or is out of range 4244005 network interfaces are renumbered by mibiisa when an interface is removed 4256473 SSAsendtrap sends three duplicate traps 4259494 SP leaks memory when indications force frequent callbacks by component 4263123 prototype for _SSASendTrap3 is not correct 4266410 demoEntryString is not writable. 4268600 snmpd.conf needs to restrict managers to localhost 4270182 AuthenticationFailureTrap not generated during testing of security. 4272418 dmispd returns invalid DmiDateStamp after component installation 4281152 DMI (dmispd) database files are created rw-rw-rw- s/b rw-r--r-- 4281180 dmispd: Error in WriteComponentToDB =525 4283027 SNMP master agent (snmpdx) database file created rw-rw-rw- s/b rw-r--r-- 4283090 Subagent needs to start with a specifi group id 4284040 dmisp can core dump 4287389 SEA 1.0.3: sysServices read-only does not allow modification 4289168 syslog/console message, dmispd: Error in WriteComponentToDB =525 4290448 atIfIndex and ipNetToMediaIfIndex are always 1 4290450 ipRouteIfIndex is always 2, except for local entries (from 107710-03) 4248205 SSARegSubagent() prints messages to console when called (when -d = 0) 4250162 better trap support required by mapper 4247714 'newdevice' entries in /etc/snmp/snmpd.conf are not parsed correctly (from 107710-02) 4189025 mibcodegen does not support string index 4218931 Enterprise agents agent library doesn't support tabluar trap values. 4219323 trap tag values for counter and gauge are not supported 4208419 /etc/snmp/conf/snmpdx.acl does not allow "." in the community name 4233051 SEA 1.0.3:firewall discards snmp traps with source address of localhost 4186361 defining snmp trap causes mibcodegen to generate bad output (from 107710-01) 4224980 Multi-threaded support needed for SEA subagents (from 107446-03) 4237139 get-next for MIB tables is not working correctly 4185282 interpretation of ifspeed kstat is incorrect 4224859 SEA 1.0.3 does not return correct MAC address for FDDI (nf) interface (from 107446-02) 4232111 SNMP Main Agent SEGV with SNMPWALK on specific OID range (from 107446-01) This revision is a repackaging done to reflect that the patched components are actually part of Solaris itself. If 106788-02 is already installed on a system, it is not necessary (but OK) to install this revision. You may instead wait and install a newer version when needed. (from 106902-02) 4171108 Unable to use more than 3 indexes in a table. 4178419 mibiisa consumes available swap space (from 106902-01) 4166235 Files /var/dmi/db/1l.comp, /var/dmi/db/1l.tbl and /var/snmp/snmpdx.st are created 666 after install. 4176076 snmpdx echos unnecessary messages to console Also: When manager read a non-existent variable, the error message will only be logged if snmpdx is started with the "-d" option. 4172607 agent deleted from agent table when queried with incorrect read string 4144431 mibissa consuming 50% plus of cpu. Patch Installation Instructions: -------------------------------- For Solaris 2.0-2.6 releases, refer to the Install.info file and/or the README within the patch for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. For Solaris 7-9 releases, refer to the man pages for instructions on using 'patchadd' and 'patchrm' scripts provided with Solaris. Any other special or non-generic installation instructions should be described below as special instructions. The following example installs a patch to a standalone machine: example# patchadd /var/spool/patch/104945-02 The following example removes a patch from a standalone system: example# patchrm 104945-02 For additional examples please see the appropriate man pages. Special Install Instructions: ----------------------------- NOTE 1: Additional instructions to ensure operation of new functionality introduced by bugfix 4250162: snmpXdmid allows enterprise OID's to be specified for traps. /etc/dmi/conf/snmpXdmid.conf can be modified to include specific enterprise numbers. Each line must begin with keyword "ENTERPRISES =" followed by a list of comma separated OIDs. eg: ENTERPRISES = 1.2.3.4.5.98, 1.2.3.4.5.99, 1.2.3.4.5.100 NOTE 2: This patch supplies a new /etc/snmp/conf/snmpd.conf file; If any customizations were made to the original snmpd.conf file, please make sure to merge in those changes. A copy of the original file is saved under the name /etc/snmp/conf/snmpd.conf.$Date. README -- Last modified date: Tuesday, August 24, 2004