Vulnerabilities > CVE-2004-2300 - Local Buffer Overflow vulnerability in UCD-SNMPD Command Line Parsing

047910
CVSS 7.2 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
local
low complexity
ucd-snmp

Summary

Buffer overflow in snmpd in ucd-snmp 4.2.6 and earlier, when installed setuid root, allows local users to execute arbitrary code via a long -p command line argument. NOTE: it is not clear whether there are any standard configurations in which snmpd is installed setuid or setgid. If not, then this issue should not be included in CVE.

Vulnerable Configurations

Part Description Count
Application
Ucd-Snmp
1

Statements

contributorMark J Cox
lastmodified2006-08-30
organizationRed Hat
statementNot vulnerable. We did not ship snmpd setuid root in Red Hat Enterprise Linux 2.1, 3, or 4.