Hi, On Tue, Jan 14, 2014 at 08:11:08PM +0000, FreeBSD Security Advisories wrote: > > II. Problem Description > > The bsnmpd(8) daemon is prone to a stack-based buffer-overflow when it > has received a specifically crafted GETBULK PDU request. > > III. Impact > > This issue could be exploited to execute arbitrary code in the context of > the service daemon, or crash the service daemon, causing a denial-of-service. > > IV. Workaround > > No workaround is available, but systems not running bsnmpd(8) are not > vulnerable.
We are supposed to have SSP in all binaries that should prevent exploitations from this kind of bugs. I am curious why it hasn't been mentioned: is it because it didn't work as expected (which would require some investigation), or is it just an omission? Regards, -- Jeremie Le Hen Scientists say the world is made up of Protons, Neutrons and Electrons. They forgot to mention Morons. _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"
