[FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-14:01.bsnmpd
Jeremie Le Hen
jlh at FreeBSD.org
Thu Jan 16 20:41:10 UTC 2014
Hi,
On Tue, Jan 14, 2014 at 08:11:08PM +0000, FreeBSD Security Advisories wrote:
>
> II. Problem Description
>
> The bsnmpd(8) daemon is prone to a stack-based buffer-overflow when it
> has received a specifically crafted GETBULK PDU request.
>
> III. Impact
>
> This issue could be exploited to execute arbitrary code in the context of
> the service daemon, or crash the service daemon, causing a denial-of-service.
>
> IV. Workaround
>
> No workaround is available, but systems not running bsnmpd(8) are not
> vulnerable.
We are supposed to have SSP in all binaries that should prevent
exploitations from this kind of bugs. I am curious why it hasn't been
mentioned: is it because it didn't work as expected (which would require
some investigation), or is it just an omission?
Regards,
--
Jeremie Le Hen
Scientists say the world is made up of Protons, Neutrons and Electrons.
They forgot to mention Morons.
More information about the freebsd-security
mailing list