[22105] in bugtraq


Re: snmpd log files long names problems

daemon@ATHENA.MIT.EDU (Tony Lambiris)
Fri Aug 3 10:55:43 2001

Date: Fri, 3 Aug 2001 00:36:34 -0400
From: Tony Lambiris <methodic@libpcap.net>
To: SECURITY <security@eds.com.ar>
Cc: bugtraq@securityfocus.com, secprog@securityfocus.com
Message-ID: <20010803003634.A6929@clotch>
Mail-Followup-To: Tony Lambiris <methodic@libpcap.net>,
	SECURITY <security@eds.com.ar>, bugtraq@securityfocus.com,
	secprog@securityfocus.com
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <NFBBLLIEDKFHNDKBCOHBAELNCBAA.security@eds.com.ar>; from security@eds.com.ar on Thu, Aug 02, 2001 at 11:36:30AM -0300

Yup.. definitely your standard buffer overflow..

On line 306 of snmpd.c, they have:
char            logfile[SNMP_MAXBUF_SMALL];

They define SNMP_MAXBUF_SMALL in tools.h as a 512k buffer.

And last but not least, on line 321 of snmpd.c:
strcpy(logfile, LOGFILE);
--- more below

On 08.02.01, SECURITY <security@eds.com.ar> wrote:
> recently i was using the new rats release and looking the snmpd.c
> from ucd-snmp-4.2.1 y look this problem:
> 
> when i launch snmpd with the arg's " -l AAAAAAAA....[455 char's]"
> i have a core dump... it's look like a little problem in the code
> when take the -l argument and strcpy to logfile, small buffer = core dump.
> 
> I tried it on a i386 with a linux 7.1 but it's independent from the SO.
> It's problem come with ucd-snmp packet
I think you mean redhat 7.1  :)
Are any of these components installed suid/sgid on redhat??
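
Added example (not part of the original message and not ucd-snmp code): a length-checked replacement for the unchecked strcpy() of the -l value into a fixed logfile buffer, which rejects an overlong name instead of copying or truncating it. The names set_logfile, parse_logfile_arg and LOGBUF_SIZE, the buffer size and the default path are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define LOGBUF_SIZE 512 /* assumed size, for illustration only */

/* Pattern discussed in the thread (unchecked copy into a fixed buffer):
 *     char logfile[SNMP_MAXBUF_SMALL];
 *     strcpy(logfile, value_of_dash_l);   */

/* Copy src into dst (dstlen bytes). Returns 0 on success, -1 if src is
 * missing, empty, or would not fit with its terminating NUL. On failure
 * dst is left unchanged, so a default set earlier survives. */
int set_logfile(char *dst, size_t dstlen, const char *src)
{
    size_t n;
    if (dst == NULL || dstlen == 0 || src == NULL)
        return -1;
    n = strlen(src);
    if (n == 0 || n >= dstlen)
        return -1;          /* reject, never truncate silently */
    memcpy(dst, src, n + 1);
    return 0;
}

/* Scan argv for "-l <file>". Returns 1 if logfile was set from argv,
 * 0 if no -l was given, -1 on a missing or overlong value. */
int parse_logfile_arg(int argc, char **argv, char *logfile, size_t len)
{
    int i, seen = 0;
    for (i = 1; i < argc; i++) {
        if (strcmp(argv[i], "-l") != 0)
            continue;
        if (i + 1 >= argc || set_logfile(logfile, len, argv[i + 1]) != 0)
            return -1;
        seen = 1;
        i++;                /* skip the value just consumed */
    }
    return seen;
}

int main(int argc, char **argv)
{
    char logfile[LOGBUF_SIZE] = "/var/log/example.log"; /* constructed default */
    if (parse_logfile_arg(argc, argv, logfile, sizeof logfile) < 0) {
        fprintf(stderr, "invalid -l argument\n");
        return 2;
    }
    printf("logging to %s\n", logfile);
    return 0;
}
```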
