SNMPPD SNMP Proxy Daemon Remote Format String Vulnerability

Bugtraq ID:	13348
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Apr 25 2005 12:00AM
Updated:	Apr 25 2005 12:00AM
Credit:	"dong-hun you" <[email protected]> is credited with the discovery of this issue.
Vulnerable:	SNMPPD SNMP Proxy Daemon 0.4.5 SNMPPD SNMP Proxy Daemon 0.4.4 SNMPPD SNMP Proxy Daemon 0.4.3 SNMPPD SNMP Proxy Daemon 0.4.2 SNMPPD SNMP Proxy Daemon 0.4.1 SNMPPD SNMP Proxy Daemon 0.4
Not Vulnerable:

SNMPPD SNMP Proxy Daemon Remote Format String Vulnerability

A remote format string vulnerability affects the SNMPPD SNMP Proxy Daemon. This issue is due to a failure of the application to properly sanitize user-supplied input data prior to using it in a formatted-printing function.

A remote attacker may leverage this issue to execute arbitrary code within the context of the affected application; this may facilitate unauthorized access and privilege escalation.

SNMPPD SNMP Proxy Daemon Remote Format String Vulnerability

cybertronic[at]gmx[dot]net has provided the following exploit:

• /data/vulnerabilities/exploits/SnmppdSNMPExp.c

SNMPPD SNMP Proxy Daemon Remote Format String Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

SNMPPD SNMP Proxy Daemon Remote Format String Vulnerability

References:

• SNMPPD Home Page (SNMPPD)
  
• [INetCop Security Advisory] Snmppd potentially format string vulnerability ("dong-hun you" )