Re: [FreeBSD-Announce] FreeBSD Security Advisory
Hi,
On Tue, Jan 14, 2014 at 08:11:08PM +0000, FreeBSD Security Advisories wrote:
>
> II. Problem Description
>
> The bsnmpd(8) daemon is prone to a stack-based buffer-overflow when it
> has received a specifically crafted GETBULK PDU request.
>
> III. Impact
>
> This issue could be exploited to execute arbitrary code in the context of
> the service daemon, or crash the service daemon, causing a denial-of-service.
>
> IV. Workaround
>
> No workaround is available, but systems not running bsnmpd(8) are not
> vulnerable.
We are supposed to have SSP in all binaries that should prevent
exploitations from this kind of bugs. I am curious why it hasn't been
mentioned: is it because it didn't work as expected (which would require
some investigation), or is it just an omission?
Regards,
--
Jeremie Le Hen
Scientists say the world is made up of Protons, Neutrons and Electrons.
They forgot to mention Morons.
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 34 之 37 篇):