[prev in list] [next in list] [prev in thread] [next in thread] 

List:       net-snmp-bugs
Subject:    [ net-snmp-Bugs-3003981 ] Possible buffer overflow in
From:       "SourceForge.net" <noreply () sourceforge ! net>
Date:       2010-07-08 12:17:34
Message-ID: E1OWq2o-0001Sc-6p () sfs-web-6 ! v29 ! ch3 ! sourceforge ! com
[Download RAW message or body]

Bugs item #3003981, was opened at 2010-05-19 11:04
Message generated for change (Comment added) made by dts12
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=112694&aid=3003981&group_id=12694

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: security
Group: None
> Status: Closed
> Resolution: Fixed
Priority: 5
Private: No
Submitted By: flup35 (flup35)
Assigned to: Nobody/Anonymous (nobody)
Summary: Possible buffer overflow in agent_read_config.c

Initial Comment:
version : 5.4.3.rc3
file       : agent_read_config.c
OS       : Windows/Linux (just based upon reading the code !)

When reading the code, in function snmpd_set_agent_address at line 176 of file \
agent_read_config.c, I see that buf is declared as char buf[SPRINT_MAX_LEN];
SPRINT_MAX_LEN has the value 2560
However, at line 189, the newly read value is appended *without any overflow \
protection* to that stack variable named buf. I suggest snprintf or sprintf_s is used \
(depending upon the used OS)

THIS IS A POTENTIAL SECURITY ISSUE (POSSIBLE BUFFER OVERFLOW EXPLOIT !)

----------------------------------------------------------------------

> Comment By: Dave Shield (dts12)
Date: 2010-07-08 13:17

Message:
SVN revision 19193

----------------------------------------------------------------------

Comment By: Dave Shield (dts12)
Date: 2010-07-08 13:17

Message:
Thanks for the bug report!
We've fixed the problem in the 5.3.x, 5.4.x and 5.5.x
code branches and the main development tree,
so it should be fixed in future releases of the
Net-SNMP package.

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=112694&aid=3003981&group_id=12694

------------------------------------------------------------------------------
This SF.net email is sponsored by Sprint
What will you do first with EVO, the first 4G phone?
Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
_______________________________________________
Net-snmp-bugs mailing list
Net-snmp-bugs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-bugs


[prev in list] [next in list] [prev in thread] [next in thread]