From: Tony Lambiris (methodic libpcap.net)
Date: Thu Aug 02 2001 - 23:36:34 CDT
Yup.. definitely your standard buffer overflow..
On line 306 of snmpd.c, they have:
char logfile[SNMP_MAXBUF_SMALL];
They define SNMP_MAXBUF_SMALL in tools.h as a 512k buffer.
And last but not least, on line 321 of snmpd.c:
strcpy(logfile, LOGFILE);
--- more below
On 08.02.01, SECURITY <security eds.com.ar> wrote:
> Recently I was using the new rats release and looking at the snmpd.c
> from ucd-snmp-4.2.1 and saw this problem:
>
> when I launch snmpd with the args " -l AAAAAAAA....[455 chars]"
> I have a core dump... it looks like a little problem in the code
> when it takes the -l argument and strcpy to logfile, small buffer = core dump.
>
> I tried it on an i386 with a linux 7.1 but it's independent of the OS.
> The problem comes with the ucd-snmp packet
I think you mean redhat 7.1 :)
Are any of these components installed suid/sgid on redhat??
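
The fix for the pattern discussed in this thread, as an added example that is not part of the original post and not ucd-snmp code: a length-checked replacement for strcpy() into a fixed-size logfile buffer. The function name set_logfile_checked, the constant EXAMPLE_MAXBUF and the sample path are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed buffer size for this example only; the real value of
 * SNMP_MAXBUF_SMALL lives in the project's tools.h. */
#define EXAMPLE_MAXBUF 512

/* Pattern quoted in the thread, shown for contrast:
 *     char logfile[SNMP_MAXBUF_SMALL];
 *     strcpy(logfile, <command-line argument>);
 * strcpy() copies until the source's NUL byte and never consults the
 * destination size, so an overlong -l argument runs past the array. */

/* Hypothetical hardened setter: refuse input that does not fit instead
 * of truncating it silently (a truncated path is a different file).
 * Returns 0 on success, -1 if arg is missing or too long. */
static int set_logfile_checked(char *dst, size_t dstsz, const char *arg)
{
    size_t n;

    if (dst == NULL || arg == NULL || dstsz == 0)
        return -1;
    n = strlen(arg);
    if (n >= dstsz) {          /* need one byte for the terminator */
        dst[0] = '\0';         /* leave the buffer in a defined state */
        return -1;
    }
    memcpy(dst, arg, n + 1);   /* n + 1 copies the terminator too */
    return 0;
}

int main(void)
{
    char logfile[EXAMPLE_MAXBUF];
    char longarg[EXAMPLE_MAXBUF + 64];   /* constructed overlong input */

    memset(longarg, 'A', sizeof(longarg) - 1);
    longarg[sizeof(longarg) - 1] = '\0';

    /* Constructed sample path that fits. */
    if (set_logfile_checked(logfile, sizeof(logfile), "/var/log/snmpd.log") == 0)
        printf("accepted: %s\n", logfile);

    /* The overlong argument is rejected before any copy happens. */
    if (set_logfile_checked(logfile, sizeof(logfile), longarg) != 0)
        fprintf(stderr, "rejected: -l argument longer than %d bytes\n",
                EXAMPLE_MAXBUF - 1);
    return 0;
}
```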