Mark Atwood (fallenpegasus) wrote,
Mark Atwood

Productive? Maybe. Crashing net-snmp.

I don't know how effectively productive I was today, but I did discover that it's possible to make net-snmp 5.4 crash with a sigseg by sending it what I think is valid AgentX commands.

Of course, it shouldn't crash and sigseg, ever. Even if you pour utter garbage sent to the AgentX port.

This implies that net-snmp running all over the world could be crashed and possibly even powned via AgentX, which is Not Good, given that the AgentX sockets tend to be all-writable, and snmpd tends to run as root.
Tags: geek, snmp, work

  • Post a new comment


    Comments allowed for friends only

    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded