Contactez-nous Suivez-nous sur Twitter En francais English Language

De la Théorie à la pratique

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN



Vigil@nce: Net-SNMP, denial of service

September 2008 by Vigil@nce

An attacker can use IPv6 packets in order to create a denial of service in snmplib.

- Gravity: 2/4
- Consequences: denial of service of service
- Provenance: internet client
- Means of attack: no proof of concept, no attack
- Ability of attacker: expert (4/4)
- Confidence: confirmed by the editor (5/5)
- Diffusion of the vulnerable configuration: medium (2/3)
- Creation date: 08/09/2008
- Identifier: VIGILANCE-VUL-8094


- Net-SNMP [confidential versions]


The snmplib library supports queries on IPv6. IPv6 addresses are formatted by following functions:
- netsnmp_tcp6_fmtaddr() of snmpTCPIPv6Domain.c
- netsnmp_udp6_fmtaddr() of snmpUDPIPv6Domain.c

However, these functions use a temporary array short of 10 characters. A non simplified IPv6 address (not containing zeros, such as 1111:2222:3333:4444:5555:6666:7777:8888) therefore create a buffer overflow in a sprintf() function.

This overflow stops applications linked to libsnmp. Code execution is difficult because only "0-9a-f:[]" characters are used.


- Identifiers: VIGILANCE-VUL-8094
- Url:

See previous articles


See next articles