24394 2010-10-22 22:46:03 +0400 CVE-2010-2891: LibSMI smiGetNode Buffer Overflow When Long OID Is Given In Numerical Form 2010-10-25 18:19:47 +0400 1 1 4 Development Sisyphus libsmi unstable all Linux CLOSED FIXED http://www.coresecurity.com/content/libsmi-smigetnode-buffer-overflow security P3 blocker --- 1 crux shaba shaba qa-sisyphus oldest_to_newest 114163 0 crux 2010-10-22 22:46:03 +0400 A statically allocated buffer is overwritter in the case that a very long Object Identifier is specified in stringified dotted notation to the smiGetNode function of libsmi. This may result in arbitraty code execution by cleverly overwriting key pointers in memory. Fix avaliable in the advisory 114258 1 repository-robot 2010-10-25 18:19:47 +0400 libsmi-0.4.8-alt2 -> sisyphus: * Mon Oct 25 2010 Alexey Shabalin <shaba@altlinux> 0.4.8-alt2 - some backports - security fix: CVE-2010-2891 (ALT #24394)