I thought that versions prior to ucd-snmp-4.2.3 were vulnerable...? John Lampe https://f00dikator.hn.org/
"Knowledge will forever govern ignorance, and a people who mean to be their own governors, must arm themselves with the power knowledge gives. A popular government without popular information or the means of acquiring it, is but a prologue to a farce or a tragedy or perhaps both." --James Madison ----- Original Message ----- From: "Renaud Deraison" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, February 12, 2002 9:12 PM Subject: Re: Vulnerabilities in Many Implementations of SNMP > On Tue, Feb 12, 2002 at 03:44:11PM -0000, John Lampe wrote: > > Anyone gotten any traffic on this puppy?...I've had my sniffer logging port > > 161 and 1993 UDP traffic for most of the day and haven't seen a thing.... > > A good start might be to compare the sources of ucd-snmp 4.2.1 and 4.2.2 > (unfortunately, this is quite big). Lots of strings copy have more > careful checks though (I did not check how str_append() was implemented, > so I can't say for sure it's the problem). > > I'll try to give it a shot tonight - motivated people are encouraged to > do the same to help :) > > > -- Renaud
