Bug 18153
| Summary: | Format string bug in ucd-snmp | ||
|---|---|---|---|
| Product: | [Retired] Red Hat Linux | Reporter: | Chris Evans <chris> |
| Component: | ucd-snmp | Assignee: | Crutcher Dunnavant <crutcher> |
| Status: | CLOSED RAWHIDE | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | high | ||
| Version: | 7.0 | CC: | dr |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | i386 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2000-10-03 17:56:17 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
I think this is serious, even if default config is not exploitable. Fixed in ucd-snmp-4.1.2-9. |
Not particularly severe for various reasons; - I'm not sure if you ship with syslogging enabled by default - Even if you did, it might not be exploitable - And you don't listen on the snmp network port by default anyway. Still, If we look at ucd-snmp-4.1.2/snmplib/snmp_logging.c: snmp_log_string(): ... #if HAVE_SYSLOG_H if (do_syslogging) { syslog(priority, string); } #endif ... That syslog() call is mising "%s" as a second argument. Classic format string bug. Probably best to patch for the next release, but I doubt it warrants an update unless you _do_ enable syslogging by default. Check it out and update this bug if syslogged is enabled by default.