LibSMI: smiGetNode Buffer Overflow Vulnerability

Users of LibSMI please be advised of a smiGetNode Buffer Overflow vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

CORE-2010-0819: [CORE-2010-0819] LibSMI smiGetNode Buffer Overflow When Long OID Is Given In Numerical Form

*Vulnerability Description*

A statically allocated buffer is overwritter in the case that a very

long Object Identifier is specified in stringified dotted notation to

the smiGetNode function of libsmi[1]. This may result in arbitraty

code execution by cleverly overwriting key pointers in memory.Read more at http://www.criticalwatch.com

 

Advertisements