(CERT Advisory)

Frank.Fock____t-online.de
Tue Feb 19 16:18:33 CET 2002


Gary,

The bug can be used for a DoS (crash the agent). It is not
a buffer overflow; instead it is more or less the opposite.
If the length of a variable binding is given longer than
the actual data is AND this length is a particular (very long)
one, then an array bounds read/write could be caused. But as the
attacker cannot place any code there to change the method's return
address, I think the execution of malicious code would not
be possible.

Hope this helps.

Best regards,
Frank

Gary McWilliams wrote:
> Frank,
> 
> Do you have specific details of what the issues are (were) with versions of
> SNMP++ before 3.1.4b?
> 
> I have upgraded to 3.1.6, but my QA & marketing guys are asking me to find
> out what to tell clients.
> 
> Is there a 'major' issue that *requires* clients to upgrade?
> For example, is the most serious problem a DoS issue, or could the issue
> cause execution of malicious code?
> 
> My own code runs on win2k. Are there different issues with windows / *nix
> code?
> 
> 
> 
> 
> -----Original Message-----
> From: Frank.Fock____t-online.de [mailto:Frank.Fock at t-online.de]
> Sent: 18 February 2002 19:00
> To: Vasay, Al
> Cc: agentpp-dl____agentpp.com
> Subject: Re: SNMP Vulnerability
> 
> 
> 
> Al,
> 
> I posted a message regarding the CERT/CC Advisory a few days
> ago to the AGENT++ mailing list. The answer to your question is:
> Yes, SNMP++ before v3.1.4b had a problem regarding this.
> AGENT++ is not affected. So upgrade to v3.1.5 and recompile
> everything. That's all.
> 
> Hope this helps.
> 
> Best regards,
> Frank
> 
> "Vasay, Al" wrote:
> 
> >Hi,
> >
> >Is anybody aware of this news? Are we AGENT++ users affected by this?
> >
> >Excerpt from a Bruce Schneier essay.
> >
> >"A large SNMP vulnerability has been announced, affecting hundreds of
> >products. This vulnerability has been known in the security community since
> >at least October, but has been held from the public for so long so that
> >vendors would have time to patch their products. I'll write more about
> >this next month."
> >
> ><http://www.counterpane.com/alert-snmp.html>
> >
> ><http://www.cert.org/advisories/CA-2002-03.html>
> >
> ><http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/>
> >
> ><http://www.counterpane.com/pr-snmp.html>
> >
> >Thanks, Al Vasay Diebold, Inc. North Canton, OH U.S.A
> 
> 
> 
> 
> 
> 
> 
>
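
The bug class described in the reply above (a variable binding whose declared length is longer than the data actually received) is avoided by checking every decoded BER length against the bytes remaining before it is used. The following is an added example, not SNMP++ code and not part of the original thread; the Tlv struct and the read_tlv function are hypothetical names, and the byte strings are constructed samples.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// One decoded BER element: tag plus a view of its value bytes.
struct Tlv {
    uint8_t tag;
    const uint8_t* value;
    size_t length;     // validated: value[0..length) lies inside the input
    size_t consumed;   // header + value bytes used from the input
};

// Decode a single definite-length BER TLV from buf[0..avail).
// Returns false instead of reading past the end of the received data.
bool read_tlv(const uint8_t* buf, size_t avail, Tlv& out) {
    if (buf == nullptr || avail < 2) return false;  // need tag + 1 length octet
    size_t pos = 0;
    out.tag = buf[pos++];
    uint8_t first = buf[pos++];
    size_t len = 0;
    if ((first & 0x80) == 0) {
        len = first;                                // short form: 0..127
    } else {
        size_t n = first & 0x7F;                    // number of length octets
        if (n == 0 || n > 4) return false;          // indefinite or oversized
        if (n > avail - pos) return false;          // length octets truncated
        for (size_t i = 0; i < n; ++i)
            len = (len << 8) | buf[pos++];
    }
    // Core check: the declared length must fit in what was actually received.
    // Compare against the remainder; never compute pos + len, which can wrap.
    if (len > avail - pos) return false;
    out.value = buf + pos;
    out.length = len;
    out.consumed = pos + len;
    return true;
}

int main() {
    // Constructed samples: an honest OCTET STRING, and one claiming 127 bytes.
    const uint8_t honest[] = {0x04, 0x03, 'a', 'b', 'c'};
    const uint8_t lying[]  = {0x04, 0x7F, 'a'};
    Tlv t;
    std::printf("honest: %s\n", read_tlv(honest, sizeof honest, t) ? "accepted" : "rejected");
    std::printf("lying:  %s\n", read_tlv(lying, sizeof lying, t) ? "accepted" : "rejected");
    return 0;
}
```
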


