[FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-14:01.bsnmpd

Xin Li delphij at delphij.net
Tue Jan 21 23:24:58 UTC 2014


On 1/16/14, 12:41 PM, Jeremie Le Hen wrote:
> Hi,
> 
> On Tue, Jan 14, 2014 at 08:11:08PM +0000, FreeBSD Security
> Advisories wrote:
>> 
>> II.  Problem Description
>> 
>> The bsnmpd(8) daemon is prone to a stack-based buffer-overflow
>> when it has received a specifically crafted GETBULK PDU request.
>> 
>> III. Impact
>> 
>> This issue could be exploited to execute arbitrary code in the
>> context of the service daemon, or crash the service daemon,
>> causing a denial-of-service.
>> 
>> IV.  Workaround
>> 
>> No workaround is available, but systems not running bsnmpd(8) are
>> not vulnerable.
> 
> We are supposed to have SSP in all binaries, which should prevent
> exploitation of this kind of bug.  I am curious why it hasn't
> been mentioned: is it because it didn't work as expected (which
> would require some investigation), or is it just an omission?

Yes, it does work and will abort the process (results in a Denial of
Service) rather than allowing the execution.

Cheers,

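The behaviour described in the reply above (SSP turns a stack overflow into an abort, so the impact becomes denial of service instead of code execution), as an added example that is not part of the original thread or of FreeBSD's code. It is a simplified model: the frame layout, `GUARD` and `RET_ADDR` are constructed values, and the overflow is confined to a struct so the model itself stays well-defined.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum outcome { RETURNED_OK, ABORTED_BY_SSP, CONTROL_HIJACKED };

/* Simplified model of a stack frame: a local buffer, then the guard
 * value (canary) that SSP places between the locals and the saved
 * return address. */
struct frame {
    unsigned char buf[16];
    uint64_t canary;
    uint64_t ret;
};

#define GUARD    0x00000aff0d0a0000ULL  /* constructed guard value */
#define RET_ADDR 0x0000000000401234ULL  /* constructed return address */

/* Models a function that copies len bytes of input into buf without a
 * bounds check. `in` must hold at least sizeof(struct frame) bytes.
 * ssp != 0 models a binary built with the stack protector. */
enum outcome run_frame(const unsigned char *in, size_t len, int ssp)
{
    struct frame f;

    memset(f.buf, 0, sizeof f.buf);
    f.canary = GUARD;
    f.ret = RET_ADDR;

    if (len > sizeof f)
        len = sizeof f;         /* keep the model itself in bounds */
    memcpy(&f, in, len);        /* the "overflow": may run past f.buf */

    /* Function epilogue: with SSP the guard is compared before the
     * return address is used; on mismatch the real runtime calls
     * __stack_chk_fail(), which aborts the process. */
    if (ssp && f.canary != GUARD)
        return ABORTED_BY_SSP;

    /* Without the check, a clobbered return address is simply used. */
    return f.ret == RET_ADDR ? RETURNED_OK : CONTROL_HIJACKED;
}
```

Because the guard sits below the return address, a linear overflow cannot reach the return address without first changing the guard, which is why the protected case ends in an abort.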

