Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

De la Théorie à la pratique





















Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce: Net-SNMP, denial of service

September 2008 by Vigil@nce

An attacker can use IPv6 packets in order to create a denial of service in snmplib.

- Gravity: 2/4
- Consequences: denial of service of service
- Provenance: internet client
- Means of attack: no proof of concept, no attack
- Ability of attacker: expert (4/4)
- Confidence: confirmed by the editor (5/5)
- Diffusion of the vulnerable configuration: medium (2/3)
- Creation date: 08/09/2008
- Identifier: VIGILANCE-VUL-8094

IMPACTED PRODUCTS

- Net-SNMP [confidential versions]

DESCRIPTION

The snmplib library supports queries on IPv6. IPv6 addresses are formatted by following functions:
- netsnmp_tcp6_fmtaddr() of snmpTCPIPv6Domain.c
- netsnmp_udp6_fmtaddr() of snmpUDPIPv6Domain.c

However, these functions use a temporary array short of 10 characters. A non simplified IPv6 address (not containing zeros, such as 1111:2222:3333:4444:5555:6666:7777:8888) therefore create a buffer overflow in a sprintf() function.

This overflow stops applications linked to libsnmp. Code execution is difficult because only "0-9a-f:[]" characters are used.

CHARACTERISTICS

- Identifiers: VIGILANCE-VUL-8094
- Url: https://vigilance.aql.fr/tree/1/8094




See previous articles

    

See next articles