50812 – snmpd Buffer Overflow (Non-Malicious)

Bug 50812 - snmpd Buffer Overflow (Non-Malicious)

Summary: snmpd Buffer Overflow (Non-Malicious)

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Red Hat Linux
Classification:	Retired
Component:	ucd-snmp
Sub Component:
Version:	7.1
Hardware:	i386
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Phil Knirsch
QA Contact:	Brock Organ
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2001-08-03 15:22 UTC by Jeff A. Abbott
Modified:	2015-03-05 01:09 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2001-09-21 14:16:09 UTC
Embargoed:

Attachments	(Terms of Use)

Description Jeff A. Abbott 2001-08-03 15:22:17 UTC

From Bugzilla Helper:
User-Agent: Mozilla/4.77 [en] (X11; U; Linux 2.4.2-2smp i686)

Description of problem:
snmpd dumps core when you try to specify a logfile name/path with an
excessively long name. Could this be better handled with an error
condition?

How reproducible:
Always

Steps to Reproduce:
1. Run "/usr/sbin/snmpd -l [extremely long list of characters -- I was
using over 500 A's]"
2. Watch it dump.
	

Actual Results:  It dumped core.

Expected Results:  It would be nice if it did something like "the logfile
name you specified is invalid. please use a shorter name."

Additional info:

As near as I can tell, there's no way to exploit a system or otherwise
cause damage to it with this, but it would be nice if handled it a bit more
cleanly

Comment 1 Wes Hardaker 2001-09-21 14:16:05 UTC

Note: this will be fixed in the shortly released 4.2.2 release.

Comment 2 Phil Knirsch 2002-01-29 14:14:46 UTC

The latest version (4.2.3) is available via rawhide now. This should fix this
problem.

Thanks,

Read ya, Phil

Note You need to log in before you can comment on or make changes to this bug.