Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 342127 (CVE-2010-2891) - <net-libs/libsmi-0.4.8-r1: Remote Arbitrary Code Execution Vulnerability (CVE-2010-2891)
Summary: <net-libs/libsmi-0.4.8-r1: Remote Arbitrary Code Execution Vulnerability (CVE...
Status: RESOLVED FIXED
Alias: CVE-2010-2891
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL: http://www.coresecurity.com/content/l...
Whiteboard: B2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2010-10-22 07:00 UTC by Tim Sammut (RETIRED)
Modified: 2013-12-14 22:56 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Tim Sammut (RETIRED) gentoo-dev 2010-10-22 07:00:26 UTC
From $url:

Vulnerability Description

A statically allocated buffer is overwritter in the case that a very long Object Identifier is specified in stringified dotted notation to the smiGetNode function of libsmi[1]. This may result in arbitraty code execution by cleverly overwriting key pointers in memory.

4. Vulnerable packages

    * libsmi 0.4.8.
    * Any software that uses the vulnerable function to find a definition from an Object Indentifier specified in stringified dotted notation that is given by the user. The SNMP packets from the protocol that travel over the network do not use this notation for OIDs.

5. Non-vulnerable packages

    * libsmi 0.4.8 patched with the supplied patch.
    * Any future release of libsmi, or current SVN head revision, since this patch was already commited to their repositories.
Comment 1 Tim Sammut (RETIRED) gentoo-dev 2010-10-22 07:01:35 UTC
Rating B2 (and not B1) as I don't believe we use this in any server-type packages.
Comment 2 Jeroen Roovers gentoo-dev 2010-10-22 16:30:27 UTC
There's a patch here:

http://www.coresecurity.com/content/libsmi-smigetnode-buffer-overflow
Comment 3 Jeroen Roovers gentoo-dev 2010-10-22 16:51:54 UTC
Arch teams, please test and mark stable:
=net-libs/libsmi-0.4.8-r1
Target KEYWORDS="alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
Comment 4 Jeroen Roovers gentoo-dev 2010-10-22 16:57:07 UTC
Oops, those aren't stable.
Comment 5 Markos Chandras (RETIRED) gentoo-dev 2010-10-23 00:58:38 UTC
It fails tests but it is not a regression over the current stable. amd64 done
Comment 6 Jeroen Roovers gentoo-dev 2010-10-23 06:04:48 UTC
Stable for HPPA.
Comment 7 Myckel Habets 2010-10-23 20:02:46 UTC
Builds fine on x86. Rdeps build and run fine on x86.

Please mark stable for x86.
Comment 8 Christian Faulhammer (RETIRED) gentoo-dev 2010-10-24 13:30:42 UTC
stable x86, thanks Myckel
Comment 9 Tobias Klausmann gentoo-dev 2010-10-24 14:54:51 UTC
Stable on alpha.
Comment 10 Mark Loeser (RETIRED) gentoo-dev 2010-10-25 19:06:25 UTC
ppc64 done
Comment 11 Jeroen Roovers gentoo-dev 2010-10-27 04:40:13 UTC
Stable for PPC.
Comment 12 Raúl Porcel (RETIRED) gentoo-dev 2010-10-30 16:15:07 UTC
ia64/sparc stable
Comment 13 Tim Sammut (RETIRED) gentoo-dev 2010-10-30 16:38:49 UTC
Thanks, folks. GLSA request filed.
Comment 14 GLSAMaker/CVETool Bot gentoo-dev 2011-06-24 19:33:07 UTC
CVE-2010-2891 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2891):
  Buffer overflow in the smiGetNode function in lib/smi.c in libsmi 0.4.8
  allows context-dependent attackers to execute arbitrary code via an Object
  Identifier (aka OID) represented as a numerical string containing many
  components separated by . (dot) characters.
Comment 15 GLSAMaker/CVETool Bot gentoo-dev 2013-12-14 22:56:39 UTC
This issue was resolved and addressed in
 GLSA 201312-10 at http://security.gentoo.org/glsa/glsa-201312-10.xml
by GLSA coordinator Chris Reffett (creffett).