(CERT Advisory)
Frank.Fock____t-online.de
Tue Feb 19 16:18:33 CET 2002
Gary,
The bug can be used for a DoS (crash the agent). It is not
a buffer overflow; instead it is more or less the opposite.
If the length of a variable binding is given longer than
the actual data is AND this length is a particular (very long)
one, then an array bounds read/write could be caused. But as the
attacker cannot place any code there to change the method's return
address, I think the execution of malicious code would not
be possible.
Hope this helps.
Best regards,
Frank
Gary McWilliams wrote:
> Frank,
>
> Do you have specific details of what the issues are (were) with versions of
> SNMP++ before 3.1.4b?
>
> I have upgraded to 3.1.6, but my QA & marketing guys are asking me to find
> out what to tell clients.
>
> Is there a 'major' issue that *requires* clients to upgrade?
> For example, is the most serious problem a DoS issue, or could the issue
> cause execution of malicious code?
>
> My own code runs on win2k. Are there different issues with windows / *nix
> code?
>
> -----Original Message-----
> From: Frank.Fock____t-online.de [mailto:Frank.Fock at t-online.de]
> Sent: 18 February 2002 19:00
> To: Vasay, Al
> Cc: agentpp-dl____agentpp.com
> Subject: Re: SNMP Vulnerability
>
> Al,
>
> I posted a message regarding the CERT/CC Advisory a few days
> ago to the AGENT++ mailing list. The answer to your question is:
> Yes, SNMP++ before v3.1.4b had a problem regarding this.
> AGENT++ is not affected. So upgrade to v3.1.5 and recompile
> everything. That's all.
>
> Hope this helps.
>
> Best regards,
> Frank
>
> "Vasay, Al" wrote:
>
> >Hi,
> >
> >Is anybody aware of this news? Are we AGENT++ users affected by this?
> >
> >Excerpt from a Bruce Schneier essay.
> >
> >"A large SNMP vulnerability has been announced, affecting hundreds of
> >products. This vulnerability has been known in the security community since
> >at least October, but has been held from the public for so long so that
> >vendors would have time to patch their products. I'll write more about
> >this next month."
> >
> ><http://www.counterpane.com/alert-snmp.html>
> ><http://www.cert.org/advisories/CA-2002-03.html>
> ><http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/>
> ><http://www.counterpane.com/pr-snmp.html>
> >
> >Thanks, Al Vasay Diebold, Inc. North Canton, OH U.S.A
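
The condition described in the reply at the top of this thread, a declared length longer than the data actually present, shown as an added example that is not part of the original messages and is not SNMP++ code. It assumes BER tag-length-value encoding as used by SNMP; `Tlv`, `read_tlv` and the sample byte strings are constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Hypothetical type, not SNMP++ API: one decoded BER element.
struct Tlv {
    std::uint8_t tag;
    std::size_t offset;  // index of the first value byte in the buffer
    std::size_t length;  // declared length, verified to fit in the buffer
};

// Reads the tag and length at buf[pos]. Returns true only when the declared
// length fits in the bytes that are really there; otherwise out is untouched.
bool read_tlv(const std::vector<std::uint8_t>& buf, std::size_t pos, Tlv& out) {
    if (pos >= buf.size() || buf.size() - pos < 2) return false;
    const std::uint8_t tag = buf[pos++];
    std::size_t len = buf[pos++];
    if (len & 0x80) {  // long form: low 7 bits give the number of length octets
        const std::size_t n = len & 0x7F;
        if (n == 0 || n > sizeof(std::size_t) || n > buf.size() - pos)
            return false;  // indefinite, oversized, or truncated length field
        len = 0;
        for (std::size_t i = 0; i < n; ++i) len = (len << 8) | buf[pos++];
    }
    // Compare against the bytes remaining; computing pos + len could wrap.
    if (len > buf.size() - pos) return false;
    out = Tlv{tag, pos, len};
    return true;
}

// Constructed sample: OCTET STRING (tag 0x04) holding "abc".
const std::vector<std::uint8_t> kGood = {0x04, 0x03, 'a', 'b', 'c'};
// Constructed sample: same three data bytes, length field claims 0x7FFFFFF0.
const std::vector<std::uint8_t> kLying = {0x04, 0x84, 0x7F, 0xFF, 0xFF, 0xF0,
                                          'a', 'b', 'c'};
// Constructed sample: the length octets themselves are cut off.
const std::vector<std::uint8_t> kTruncated = {0x04, 0x82, 0x01};

int main() {
    Tlv t{};
    std::printf("good:      %s\n", read_tlv(kGood, 0, t) ? "accepted" : "rejected");
    std::printf("lying:     %s\n", read_tlv(kLying, 0, t) ? "accepted" : "rejected");
    std::printf("truncated: %s\n", read_tlv(kTruncated, 0, t) ? "accepted" : "rejected");
    return 0;
}
```

A decoder that trusts the length field and indexes `buf[offset + i]` for `i < length` without the final comparison reads or writes outside the array, which is the crash condition the reply describes.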