(CERT Advisory)

Gary McWilliams ccc_gmcwilliams____hotmail.com
Tue Feb 19 16:28:01 CET 2002


Yep, that's exactly what I needed. Thanks.


>From: Frank.Fock____t-online.de
>To: Gary McWilliams <ccc_gmcwilliams____hotmail.com>
>CC: agentpp-dl at agentpp.com
>Subject: Re: (CERT Advisory)
>Date: Tue, 19 Feb 2002 16:18:33 +0100 (MET)
>
>Gary,
>
>The bug can be used for a DoS (crash the agent). It is not
>a buffer overflow, instead it is more or less the opposite.
>If the length of a variable binding is given longer than
>the actual data is AND this length is a particular (very long)
>one, then an array bounds read/write could be caused. But as the
>attacker cannot place any code there to change the method's return
>address, I think the execution of malicious code would not
>be possible.
>
>Hope this helps.
>
>Best regards,
>Frank
>
>Gary McWilliams wrote:
> > Frank,
> >
> > do you have specific details of what the issues are (were) with
> > versions of SNMP++ before 3.1.4b?
> >
> > I have upgraded to 3.1.6, but my QA & marketing guys are asking me
> > to find out what to tell clients.
> >
> > Is there a 'major' issue that *requires* clients to upgrade?
> > For example, is the most serious problem a DoS issue, or could the
> > issue cause execution of malicious code?
> >
> > My own code runs on win2k. Are there different issues with
> > windows / *nix code?
> >
> >
> >
> >
> > -----Original Message-----
> > From: Frank.Fock____t-online.de
> > [mailto:Frank.Fock at t-online.de]
> > Sent: 18 February 2002 19:00
> > To: Vasay, Al
> > Cc: agentpp-dl____agentpp.com
> > Subject: Re: SNMP Vulnerability
> >
> >
> >
> > Al,
> >
> > I posted a message regarding the CERT/CC Advisory a few days
> > ago to the AGENT++ mailing list. The answer to your question is:
> > Yes, SNMP++ before v3.1.4b had a problem regarding this.
> > AGENT++ is not affected. So upgrade to v3.1.5 and recompile
> > everything. That's all.
> >
> > Hope this helps.
> >
> > Best regards,
> > Frank
> >
> > "Vasay, Al" wrote:
> >
> > >Hi,
> > >
> > >Is anybody aware of this news? Are we AGENT++ users affected by this?
> > >
> > >Excerpt from a Bruce Schneier essay.
> > >
> > >"A large SNMP vulnerability has been announced, affecting hundreds of
> > >products. This vulnerability has been known in the security community since
> > >at least October, but has been held from the public for so long so that
> > >vendors would have time to patch their products. I'll write more about
> > >this next month."
> > >
> > ><http://www.counterpane.com/alert-snmp.html>
> > ><http://www.cert.org/advisories/CA-2002-03.html>
> > ><http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/>
> > ><http://www.counterpane.com/pr-snmp.html>
> > >
> > >Thanks, Al Vasay Diebold, Inc. North Canton, OH U.S.A
> >
> >
> >
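
The length check at issue in Frank's reply (a variable binding whose declared length is longer than the data actually present), shown as an added example that is not part of the original thread and is not SNMP++ code: a minimal BER tag-length-value reader that rejects such input before anything indexes past the buffer. The names `Tlv` and `read_tlv` and the sample bytes are constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// One BER tag-length-value element, verified to lie inside the input.
struct Tlv {
    uint8_t tag;
    const uint8_t* value;  // points into the caller's buffer
    size_t length;         // declared length, checked against the data present
};

// Read one TLV from buf[0..avail). Returns false when the header is truncated,
// the length form is unsupported, or the declared length exceeds the bytes received.
bool read_tlv(const uint8_t* buf, size_t avail, Tlv& out) {
    if (avail < 2) return false;
    size_t pos = 1;
    size_t len = buf[pos++];
    if (len & 0x80) {                  // long form: low 7 bits count the length octets
        size_t n = len & 0x7F;
        if (n == 0 || n > sizeof(size_t) || n > avail - pos) return false;
        len = 0;
        for (size_t i = 0; i < n; ++i) len = (len << 8) | buf[pos++];
    }
    // Compare by subtraction so a huge declared length cannot wrap pos + len.
    if (len > avail - pos) return false;
    out.tag = buf[0];
    out.value = buf + pos;
    out.length = len;
    return true;
}

// Constructed sample encodings (not captured traffic).
static const uint8_t kGood[] = {0x04, 0x03, 'a', 'b', 'c'};
// OCTET STRING claiming 0x7FFFFFFF bytes with only two present.
static const uint8_t kOverlong[] = {0x04, 0x84, 0x7F, 0xFF, 0xFF, 0xFF, 'a', 'b'};
// Long-form length whose own octets are cut short.
static const uint8_t kTruncatedLen[] = {0x04, 0x82, 0x01};

int main() {
    Tlv t;
    std::printf("good=%d overlong=%d truncated=%d\n",
                read_tlv(kGood, sizeof kGood, t),
                read_tlv(kOverlong, sizeof kOverlong, t),
                read_tlv(kTruncatedLen, sizeof kTruncatedLen, t));
    return 0;
}
```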


