Re: SNMP vulnerabilities

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Wed, 13 Feb 2002 03:50:05 +0100

On Wednesday 13 February 2002 01.55, Henrik Nordstrom wrote:

> However, even this minimal audit revealed a minor possible issue
> related to community strings (off-by-one error in length). It is
> not very likely to be exploitable, but maybe could trigger a crash
> in some conditions. There are also plenty of memory leaks in the
> same area, I can easily trigger a leak of 4096+129 bytes per SNMP
> query (actually I almost cannot trigger it not to leak this amount).
> Now fixed in head. Will test if there are more leaks, then publish a
> 2.5 patch.

Have now audited the code a little bit further, and the request
parsing seems to be pretty safe from buffer overflows, but will leak
memory on many types of malformed requests. The bailout codepaths are
not very structured, and almost always forget to clean up locals.

Regards
Henrik
Received on Tue Feb 12 2002 - 19:49:17 MST
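The leak pattern Henrik describes (each early return on a malformed request abandoning the locals allocated so far) is easiest to see side by side with the structured alternative. The following is an added example written for this archive page, not Squid's SNMP code: the request layout (one length byte, the community string, then a PDU type byte) is constructed for illustration, and the buffer sizes (a 4096-byte PDU buffer and a 128+1-byte community) only mirror the figures quoted in the mail. A tracked allocator counts outstanding blocks so the leak is observable without a debugger.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed toy request format (not SNMP BER):
 *   byte 0        : community length N (at most MAX_COMMUNITY)
 *   bytes 1..N    : community string
 *   byte N+1      : PDU type, accepted range 0xA0..0xA3
 */
#define MAX_COMMUNITY 128
#define PDU_BUF_SIZE  4096

/* Outstanding heap blocks; lets a test observe leaks directly. */
static int live_allocs = 0;

static void *tracked_malloc(size_t n) {
    void *p = malloc(n);
    if (p) live_allocs++;
    return p;
}

static void tracked_free(void *p) {
    if (p) { free(p); live_allocs--; }
}

int live_allocations(void) { return live_allocs; }
void reset_alloc_counter(void) { live_allocs = 0; }

/* Unstructured bailouts: every "return -1" after an allocation leaks it.
 * This is the shape of the problem, deliberately left leaky. */
int parse_request_leaky(const unsigned char *msg, size_t len) {
    if (len < 1) return -1;
    size_t clen = msg[0];
    if (clen > MAX_COMMUNITY) return -1;          /* nothing allocated yet */
    char *community = tracked_malloc(clen + 1);   /* 128+1 bytes at most */
    if (!community) return -1;
    if (1 + clen > len) return -1;                /* LEAK: community */
    memcpy(community, msg + 1, clen);
    community[clen] = '\0';
    unsigned char *pdu = tracked_malloc(PDU_BUF_SIZE);
    if (!pdu) return -1;                          /* LEAK: community */
    if (1 + clen + 1 > len) return -1;            /* LEAK: community + pdu */
    unsigned char type = msg[1 + clen];
    if (type < 0xA0 || type > 0xA3) return -1;    /* LEAK: community + pdu */
    /* ...decode the PDU here... */
    tracked_free(pdu);
    tracked_free(community);
    return 0;
}

/* Single exit: locals start NULL, and the one cleanup label frees
 * whatever was actually allocated, on every path. */
int parse_request_clean(const unsigned char *msg, size_t len) {
    int rc = -1;
    char *community = NULL;
    unsigned char *pdu = NULL;

    if (len < 1) goto out;
    size_t clen = msg[0];
    if (clen > MAX_COMMUNITY) goto out;
    if (1 + clen > len) goto out;                 /* check before allocating */
    community = tracked_malloc(clen + 1);
    if (!community) goto out;
    memcpy(community, msg + 1, clen);
    community[clen] = '\0';
    if (1 + clen + 1 > len) goto out;
    unsigned char type = msg[1 + clen];
    if (type < 0xA0 || type > 0xA3) goto out;
    pdu = tracked_malloc(PDU_BUF_SIZE);
    if (!pdu) goto out;
    /* ...decode the PDU here... */
    rc = 0;
out:
    tracked_free(pdu);          /* free(NULL) is a no-op, so order is safe */
    tracked_free(community);
    return rc;
}

int main(void) {
    /* Constructed malformed request: claims 5 community bytes, carries 3. */
    const unsigned char bad[] = { 0x05, 'p', 'u', 'b' };
    reset_alloc_counter();
    parse_request_leaky(bad, sizeof bad);
    printf("leaky parser, outstanding blocks: %d\n", live_allocations());
    reset_alloc_counter();
    parse_request_clean(bad, sizeof bad);
    printf("clean parser, outstanding blocks: %d\n", live_allocations());
    return 0;
}
```

Moving the length check ahead of the allocation in the clean version is the other half of the discipline: allocate as late as possible, and have exactly one place that releases. Under a leak checker (e.g. valgrind) the leaky variant reports one lost block per malformed request, which is the per-query leak the mail measures.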