On Tue, Oct 17, 2023 at 02:49:05PM +0200, Martijn van Duren wrote:
> > Currently ax.c doesn't check the maximum length of an OID ax_pdutooid.
> > This can lead to a buffer overflow. Even though it must be fixed, I
> > don't think there's a big risk here, since an attacker would need to have
> > acc
> Currently ax.c doesn't check the maximum length of an OID ax_pdutooid.
> This can lead to a buffer overflow. Even though it must be fixed, I
> don't think there's a big risk here, since an attacker would need to have
> access to the agentx socket, which by default is disabled and defaults
> to ro
Currently ax.c doesn't check the maximum length of an OID ax_pdutooid.
This can lead to a buffer overflow. Even though it must be fixed, I
don't think there's a big risk here, since an attacker would need to have
access to the agentx socket, which by default is disabled and defaults
to root:_agentx