oss-sec mailing list archives
CVE-Request: squid snmp off-by-one
From: Sebastian Krahmer <krahmer () suse de>
Date: Tue, 9 Sep 2014 14:13:03 +0200
Hi There is an off-by-one in squid when receiving UDP SNMP requests. The overwrite happens before any ACL/community checks. There just needs an SNMP port to be configured. The off-by-one happens on the heap, as buf is declared static. So depending on your compiler organizing the .bss this might be better or worse than being placed on the stack. :) More info and a patch is here: https://bugzilla.novell.com/show_bug.cgi?id=895773 Sebastian -- ~ perl self.pl ~ $_='print"\$_=\47$_\47;eval"';eval ~ krahmer () suse de - SuSE Security Team
Current thread:
- CVE-Request: squid snmp off-by-one Sebastian Krahmer (Sep 09)
- Re: CVE-Request: squid snmp off-by-one cve-assign (Sep 09)