That is Correct. Anything prior to 4.2.3 has the vulnerability.
Todd Adamson [EMAIL PROTECTED] > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of John Lampe > Sent: Tuesday, February 12, 2002 10:25 AM > To: Renaud Deraison; [EMAIL PROTECTED] > Subject: Re: Vulnerabilities in Many Implementations of SNMP > > > I thought that versions prior to ucd-snmp-4.2.3 were vulnerable...? > > John Lampe > https://f00dikator.hn.org/ > > "Knowledge will forever govern ignorance, and a people who > mean to be their > own governors, must arm themselves with the power knowledge > gives. A popular > government without popular information or the means of > acquiring it, is but > a prologue to a farce or a tragedy or perhaps both." > --James Madison > > ----- Original Message ----- > From: "Renaud Deraison" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Tuesday, February 12, 2002 9:12 PM > Subject: Re: Vulnerabilities in Many Implementations of SNMP > > > > On Tue, Feb 12, 2002 at 03:44:11PM -0000, John Lampe wrote: > > > Anyone gotten any traffic on this puppy?...I've had my > sniffer logging > port > > > 161 and 1993 UDP traffic for most of the day and haven't seen a > thing.... > > > > A good start might be to compare the sources of ucd-snmp > 4.2.1 and 4.2.2 > > (unfortunately, this is quite big). Lots of strings copy have more > > careful checks though (I did not check how str_append() was > implemented, > > so I can't say for sure it's the problem). > > > > I'll try to give it a shot tonight - motivated people are > encouraged to > > do the same to help :) > > > > > > -- Renaud >
