Date: Tue, 21 Jan 2014 15:24:51 -0800 From: Xin Li <delphij@delphij.net> To: freebsd-security@freebsd.org Subject: Re: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-14:01.bsnmpd Message-ID: <52DF01C3.4030008@delphij.net> In-Reply-To: <20140116204101.GA40990@caravan.chchile.org> References: <201401142011.s0EKB8Zw082592@freefall.freebsd.org> <20140116204101.GA40990@caravan.chchile.org>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 1/16/14, 12:41 PM, Jeremie Le Hen wrote: > Hi, > > On Tue, Jan 14, 2014 at 08:11:08PM +0000, FreeBSD Security > Advisories wrote: >> >> II. Problem Description >> >> The bsnmpd(8) daemon is prone to a stack-based buffer-overflow >> when it has received a specifically crafted GETBULK PDU request. >> >> III. Impact >> >> This issue could be exploited to execute arbitrary code in the >> context of the service daemon, or crash the service daemon, >> causing a denial-of-service. >> >> IV. Workaround >> >> No workaround is available, but systems not running bsnmpd(8) are >> not vulnerable. > > We are supposed to have SSP in all binaries that should prevent > exploitations from this kind of bugs. I am curious why it hasn't > been mentioned: is it because it didn't work as expected (which > would require some investigation), or is it just an omission? Yes, it does work and will abort the process (results in a Denial of Service) rather than allowing the execution. Cheers, -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJS3wHDAAoJEJW2GBstM+ns31sP/RqXFycq4QOiGzf5gb8fkLmZ 520X/5QBaXYzzMQkJfkw7S6VuszfJALT3wMbJRUe10yBoWz0NSswOOG+RJsxXR4t +Rf1tOnK/wXiGhzbW8mRPkfaThRuxQkhNLpndzwYdxFbCp7aroZZLMsCgXCanHbi OyRFooWsD19Pe1v34/5S/VCHy6TsD45ZTPhuDtkKCEAdoFGOmRfHcGA3CtS8LfE4 4cOJpAWQ6aHXSD5ijpILv10Z6JqbTR2lCow3FOpiXO2ka514WMDpqyFA5vY/ZSBh BoT8Ct5JhJ3mftG8m8xPl3gUQCE48iFj2nuZmFQU/Ny9pjvXFZAQNTk+Vir2xiut Zx770yXM55IaUf9EHN9FN25wiXrj3xIZs1j9Nc2DhuT9IAWAZeokwYFXxkFcXN6b ehRLyYa91iqEF3u6hbUm/Ee2RDxNxa4fALR5yZBYEfStzINSHVA3p2CsxLgwqrkk c8YVzq4PGnGinsDi72oTRJyL673A/svSnqNL/kqsxcz1uBHJsiWr9cKJCiHPmVwG K+i0ijhzU0QP6jOhFfvPMGONCEXqsKaUvwe/Hi3QmGd8mIJFGbTJ07BEPsYgVJXM DKXISnR91zbBvGnH/y3ru6ut5kog+4axoNRNrME6lLkX0TcKuxoAzaxY/SNfiE9P n5P1CVYW+KsLX/T6jV/4 =DBA7 -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?52DF01C3.4030008>