Vulnerability Development mailing list archives
Re: UCD-4.2.2 and UCD-4.2.3 snmptrapd verification
From: "Laurence Brockman" <laurence () fluxinc com>
Date: Mon, 18 Feb 2002 13:40:27 -0700
Just to clarify: I've retested the 4.2.2 on the Intel platform and have not been able to reproduce the problems with the -P option that I found with 4.2.1 (or found on the ppc platform). This is running on Intel, redhat 7.2 with a recent version of glibc.

Laurence

----- Original Message -----
From: "Wes Hardaker" <wes () hardakers net>
To: "KF" <dotslash () snosoft com>
Cc: "Laurence Brockman" <laurence () fluxinc com>; <vuln-dev () security-focus com>
Sent: Monday, February 18, 2002 11:08 AM
Subject: Re: UCD-4.2.2 and UCD-4.2.3 snmptrapd verification

On Mon, 18 Feb 2002 07:58:27 -0500, KF <dotslash () snosoft com> said:

dotslash> I am using -o with snmptrapd to send output to file... no
dotslash> other options.

Yep, and I've tried that. I can only reproduce it on a ppc machine with a really old glibc and it's dying within a call to vsnprintf that otherwise looks perfectly correct (hence my theory). Can you send me the packet you're using to cause the crash (though I've tried the entire test suite without problems on the other various machines).

dotslash> Program terminated with signal 11, Segmentation fault.
dotslash> #0 0x0fe19090 in strlen () from /lib/libc.so.6
dotslash> 721
dotslash> 722 #ifdef notused
dotslash> 723 in_addr_t myaddr;
dotslash> 724 oid src[MAX_OID_LEN], dst[MAX_OID_LEN], context[MAX_OID_LEN];
dotslash> 725 int srclen, dstlen, contextlen;
dotslash> 726 char ctmp[300];
dotslash> 727 #endif
dotslash> 728
dotslash> 729 /* register our configuration handlers now so -H properly
dotslash> displays them */
dotslash> 730 register_config_handler("snmptrapd", "traphandle",
dotslash> #0 0x0fe19090 in strlen () from /lib/libc.so.6
dotslash> #1 0x0fde8bfc in vfprintf () from /lib/libc.so.6

That's not a proper listing dump, by the way. It doesn't have the source for the place it broke (strlen) so what it's showing you is somewhat random.

dotslash> (gdb) bt
dotslash> #0 0x0fe19090 in strlen () from /lib/libc.so.6
dotslash> #1 0x0fde8bfc in vfprintf () from /lib/libc.so.6
dotslash> #2 0x0fe09220 in vsnprintf () from /lib/libc.so.6

Right. It's dying in a valid (most likely) call to vsnprintf.

--
"Ninjas aren't dangerous. They're more afraid of you than you are of them."