oss-sec mailing list archives

CVE-Request: squid snmp off-by-one


From: Sebastian Krahmer <krahmer () suse de>
Date: Tue, 9 Sep 2014 14:13:03 +0200

Hi

There is an off-by-one in squid when receiving UDP SNMP
requests. The overwrite happens before any ACL/community checks.
An SNMP port just needs to be configured.

The off-by-one happens on the heap, as buf is declared static.
So depending on your compiler organizing the .bss this might
be better or worse than being placed on the stack. :)

More info and a patch are here:

https://bugzilla.novell.com/show_bug.cgi?id=895773


Sebastian

-- 

~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer () suse de - SuSE Security Team
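
An added illustration of the class of bug described in the message above; it is not part of the original message and is not Squid's code. It assumes one common shape of a receive-path off-by-one: a datagram is read into a fixed static buffer using the full buffer size, then a terminator is written at buf[len]. REQ_SIZE, CANARY and all function names are hypothetical, and the datagram is constructed sample input sent over a local socketpair.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

#define REQ_SIZE 64   /* hypothetical buffer size, not taken from Squid */
#define CANARY   0x5A
/* Before: recv() may fill all cap bytes, so buf[len] can be buf[cap]. */
static ssize_t recv_text_unsafe(int fd, char *buf, size_t cap) {
    ssize_t len = recv(fd, buf, cap, 0);
    if (len > 0) buf[len] = '\0';
    return len;
}

/* After: reserve one byte so the terminator stays inside buf. */
static ssize_t recv_text_safe(int fd, char *buf, size_t cap) {
    ssize_t len = recv(fd, buf, cap - 1, 0);
    if (len >= 0) buf[len] = '\0';
    return len;
}

/* Sends one constructed REQ_SIZE-byte datagram over a local socketpair.
 * Returns 1 if the byte after the buffer is intact, 0 if overwritten,
 * -1 on socket error. */
int guard_survives(int use_safe) {
    /* Logical buffer: storage[0..REQ_SIZE-1]. storage[REQ_SIZE] is a guard
     * byte standing in for whatever the linker places after the buffer. */
    static char storage[REQ_SIZE + 1];
    char datagram[REQ_SIZE];
    int sv[2];
    ssize_t len = -1;
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) != 0) return -1;
    memset(datagram, 'A', sizeof(datagram));
    storage[REQ_SIZE] = CANARY;
    if (send(sv[0], datagram, sizeof(datagram), 0) == (ssize_t)sizeof(datagram))
        len = use_safe ? recv_text_safe(sv[1], storage, REQ_SIZE)
                       : recv_text_unsafe(sv[1], storage, REQ_SIZE);
    close(sv[0]);
    close(sv[1]);
    return len < 0 ? -1 : storage[REQ_SIZE] == CANARY;
}

int main(void) {
    printf("unsafe guard intact: %d, safe guard intact: %d\n",
           guard_survives(0), guard_survives(1));
    return 0;
}
```

The hardened variant truncates a maximum-size datagram by one byte; a caller that must accept full-size requests would instead declare the buffer one byte larger than the receive length.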

