#24394 – CVE-2010-2891: LibSMI smiGetNode Buffer Overflow When Long OID Is Given In Numerical Form

Bug 24394 - CVE-2010-2891: LibSMI smiGetNode Buffer Overflow When Long OID Is Given In Numerical Form

Summary: CVE-2010-2891: LibSMI smiGetNode Buffer Overflow When Long OID Is Given In Nu...

Status:	CLOSED FIXED

Alias:	None

Product:	Sisyphus
Classification:	Development
Component:	libsmi (show other bugs)
Version:	unstable
Hardware:	all Linux

Importance:	P3 blocker
Assignee:	Alexey Shabalin
QA Contact:	qa-sisyphus

URL:	http://www.coresecurity.com/content/l...
Keywords:	security

Depends on:
Blocks:

Reported:	2010-10-22 22:46 MSD by Vladimir Lettiev
Modified:	2010-10-25 18:19 MSD (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Vladimir Lettiev 2010-10-22 22:46:03 MSD

A statically allocated buffer is overwritter in the case that a very long Object Identifier is specified in stringified dotted notation to the smiGetNode function of libsmi. This may result in arbitraty code execution by cleverly overwriting key pointers in memory.

Fix avaliable in the advisory

Comment 1 Repository Robot 2010-10-25 18:19:47 MSD

libsmi-0.4.8-alt2 -> sisyphus:

* Mon Oct 25 2010 Alexey Shabalin <shaba@altlinux> 0.4.8-alt2
- some backports
- security fix: CVE-2010-2891 (ALT #24394)