Yup.. definitely your standard buffer overflow..

On line 306 of snmpd.c, they have:

    char logfile[SNMP_MAXBUF_SMALL];

They define SNMP_MAXBUF_SMALL in tools.h as a 512k buffer.

And last but not least, on line 321 of snmpd.c:

    strcpy(logfile, LOGFILE);

--- more below

On 08.02.01, SECURITY <securityat_private> wrote:
> recently i was using the new rats release and looking at the snmpd.c
> from ucd-snmp-4.2.1 and saw this problem:
>
> when i launch snmpd with the args " -l AAAAAAAA....[455 chars]"
> i have a core dump... it looks like a little problem in the code
> when it takes the -l argument and strcpy to logfile, small buffer = core dump.
>
> I tried it on an i386 with a linux 7.1 but it's independent from the OS.
> The problem comes with the ucd-snmp packet

I think you mean redhat 7.1 :)

Are any of these components installed suid/sgid on redhat??
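
The pattern discussed in this thread, a command-line argument copied with strcpy into a fixed-size logfile buffer, can be closed with a length check before the copy. The code below is an added example, not part of the original posts and not ucd-snmp's own code; set_logfile, LOGFILE_BUF_SIZE and the 512-byte size are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define LOGFILE_BUF_SIZE 512   /* assumed buffer size for this example */

/* Hypothetical helper: copy a -l argument into a fixed buffer.
 * Returns 0 on success, -1 if the argument is NULL, empty, or does not fit
 * together with its terminating NUL. On failure dst is an empty string. */
static int set_logfile(char *dst, size_t dstsize, const char *arg)
{
    size_t len;

    if (dst == NULL || dstsize == 0)
        return -1;
    dst[0] = '\0';
    if (arg == NULL)
        return -1;

    /* Bounded length scan: never reads more than dstsize bytes of arg. */
    for (len = 0; len < dstsize && arg[len] != '\0'; len++)
        ;

    /* Reject rather than truncate: a silently shortened path could name
     * a different file than the one the administrator asked for. */
    if (len == 0 || len == dstsize)
        return -1;

    memcpy(dst, arg, len + 1);   /* len + 1 <= dstsize, NUL included */
    return 0;
}

int main(void)
{
    char logfile[LOGFILE_BUF_SIZE];
    char oversized[600];         /* constructed input, longer than the buffer */

    memset(oversized, 'A', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';

    if (set_logfile(logfile, sizeof logfile, oversized) != 0)
        fprintf(stderr, "-l argument too long (max %d bytes)\n",
                LOGFILE_BUF_SIZE - 1);

    if (set_logfile(logfile, sizeof logfile, "/var/log/snmpd.log") == 0)
        printf("logging to %s\n", logfile);
    return 0;
}
```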