On 8/3/01 12:36 AM, "Tony Lambiris" <methodicat_private> wrote:

> Yup.. definitely your standard buffer overflow..
>
> On line 306 of snmpd.c, they have:
> char logfile[SNMP_MAXBUF_SMALL];
>
> They define SNMP_MAXBUF_SMALL in tools.h as a 512k buffer.
>
> And last but not least, on line 321 of snmpd.c:
> strcpy(logfile, LOGFILE);
> --- more below
>
> On 08.02.01, SECURITY <securityat_private> wrote:
>> recently i was using the new rats release and looking the snmpd.c
>> from ucd-snmp-4.2.1 y look this problem:
>>
>> when i launch snmpd with the arg's " -l AAAAAAAA....[455 char's]"
>> i have a core dump... it's look like a little problem in the code
>> when take the -l argument and strcpy to logfile, small buffer = core dump.
>>
>> I tried it on a i386 with a linux 7.1 but it's independent from the SO.
>> It's problem come with ucd-snmp packet
> I think you mean redhat 7.1 :)
> Are any of these components installed suid/sgid on redhat??
>

They're mode 755 (for the executables, at least) and owned by root.root
under Red Hat Linux 7.1. Haven't checked other versions, but I did file
this as a bug against RHL 7.1.

Thanks,
Jeff

--
_______________________________________________________
Jeff "fdiv_bug" Abbott | Technical Representative
jabbottat_private -*- Red Hat, Inc.
(919) 547-0012 x 262 | (888) REDHAT-1 x 262
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
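An added example, not part of the original thread and not ucd-snmp's own code: the unchecked copy of a command-line argument into a fixed `logfile` buffer, as the thread describes, beside a length-checked version that rejects an over-long path. `LOGFILE_BUF`, its value, and the function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define LOGFILE_BUF 512            /* assumed size, for illustration only */

static char logfile[LOGFILE_BUF];

/* Pattern described in the thread: the copy trusts the caller's length.
 * Any argument of LOGFILE_BUF bytes or more writes past the array. */
void set_logfile_unchecked(const char *arg)
{
    strcpy(logfile, arg);
}

/* Hardened form: measure first and refuse instead of truncating.
 * Silent truncation would make the daemon log to a different path
 * than the one the operator asked for.
 * Returns 0 on success, -1 if the argument is rejected. */
int set_logfile_checked(const char *arg)
{
    size_t len;

    if (arg == NULL || arg[0] == '\0')
        return -1;
    len = strlen(arg);                 /* argv strings are NUL-terminated */
    if (len >= sizeof logfile)         /* no room for the terminating NUL */
        return -1;
    memcpy(logfile, arg, len + 1);     /* len + 1 copies the NUL as well */
    return 0;
}

const char *current_logfile(void) { return logfile; }

int main(void)
{
    char longarg[LOGFILE_BUF + 64];    /* constructed over-long argument */

    memset(longarg, 'A', sizeof longarg - 1);
    longarg[sizeof longarg - 1] = '\0';

    printf("short: %d\n", set_logfile_checked("/var/log/snmpd.log"));
    printf("long:  %d\n", set_logfile_checked(longarg));
    printf("logfile is still: %s\n", current_logfile());
    return 0;
}
```

The rejected call leaves the previously accepted path in place, so the caller can print a usage error and exit without ever touching memory beyond the buffer.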
This archive was generated by hypermail 2b30 : Sun Aug 05 2001 - 21:37:59 PDT