Vulnerabilities > CVE-2004-2300 - Local Buffer Overflow vulnerability in UCD-SNMPD Command Line Parsing

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

ucd-snmp

NVD

Published: 2004-12-31

Updated: 2017-07-11

Summary

Buffer overflow in snmpd in ucd-snmp 4.2.6 and earlier, when installed setuid root, allows local users to execute arbitrary code via a long -p command line argument. NOTE: it is not clear whether there are any standard configurations in which snmpd is installed setuid or setgid. If not, then this issue should not be included in CVE.

Vulnerable Configurations

Part	Description	Count
Application	Ucd-Snmp UCD Snmp UCD Snmp *	1

Statements

contributor	Mark J Cox
lastmodified	2006-08-30
organization	Red Hat
statement	Not vulnerable. We did not ship snmpd setuid root in Red Hat Enterprise Linux 2.1, 3, or 4.

References

http://www.packetstormsecurity.org/0405-advisories/snmpdadv.txt
http://www.securityfocus.com/bid/10396
https://exchange.xforce.ibmcloud.com/vulnerabilities/16245