CMU SNMP snmptrapd snmp_input() format string

cmusnmp-snmpinput-format-string (24178)

Risk level: High

Description:

CMU SNMP could allow a remote attacker to execute arbitrary commands on the system because of a format string vulnerability in the snmp_input() function of snmptrapd. A remote attacker could exploit this vulnerability by sending specially crafted packets to the snmptrapd server running on UDP port 162, which would allow the attacker to execute arbitrary code on the system with root privileges.


Consequences:

Gain Access

Remedy:

The CMU SNMP library is no longer supported by the vendor. Current users should switch to a more secure SNMP library.

References:

  • BugTraq Mailing List, Mon Jan 16 2006 - 09:08:25 CST: Digital Armaments Security Advisory 01.16.2006: CMU SNMP utilities snmptrad Format String Vulnerability.
  • CMU SNMP Project Web page: Linux CMU SNMP Project.
  • BID-16267: CMU SNMP SNMPTRAPD Daemon Remote Format String Vulnerability
  • CVE-2006-0250: Format string vulnerability in the snmp_input function in snmptrapd in CMU SNMP utilities (cmu-snmp) allows remote attackers to execute arbitrary code by sending crafted SNMP messages to UDP port 162.
  • OSVDB ID: 22493: CMU SNMP snmptrapd snmp_input() Function Remote Format String
  • SA18525: CMU SNMP snmptrapd Format String Vulnerability
  • VUPEN/ADV-2006-0234: CMU SNMP snmptrapd Trap Request Remote Format String Vulnerability

Platforms Affected:

  • Carnegie Mellon University CMU SNMP 3.6
  • Carnegie Mellon University CMU SNMP 3.7

Reported:

Jan 16, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net
