Bug 24394

Summary: CVE-2010-2891: LibSMI smiGetNode Buffer Overflow When Long OID Is Given In Numerical Form
Product: Sisyphus Reporter: Vladimir Lettiev <crux>
Component: libsmi Assignee: Alexey Shabalin <shaba>
Status: CLOSED FIXED QA Contact: qa-sisyphus
Severity: blocker    
Priority: P3 CC: shaba
Version: unstable Keywords: security
Hardware: all   
OS: Linux   
URL: http://www.coresecurity.com/content/libsmi-smigetnode-buffer-overflow

Description Vladimir Lettiev 2010-10-22 22:46:03 MSD
A statically allocated buffer is overwritten in the case that a very long Object Identifier is specified in stringified dotted notation to the smiGetNode function of libsmi. This may result in arbitrary code execution by cleverly overwriting key pointers in memory.

Fix available in the advisory
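
The failure mode in the description above, seen from the mitigation side, as an added example (not libsmi's code and not the patch from the advisory): a dotted-notation OID parser that checks the sub-identifier count before every write into its fixed-size array. The names `parse_dotted_oid` and `parse_repeated`, and the cap of 128, are assumptions made for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed cap: SMIv2 (RFC 2578) allows at most 128 sub-identifiers per OID. */
#define MAX_SUBIDS 128

/* Hypothetical helper, not a libsmi function. Parses "1.3.6.1" into out[].
 * Returns the count, or -1 if malformed, out of 32-bit range, or longer than cap. */
int parse_dotted_oid(const char *s, unsigned int *out, size_t cap)
{
    size_t n = 0;
    if (s == NULL || out == NULL) return -1;
    while (*s != '\0') {
        char *end;
        /* Each sub-identifier must start with a digit: rejects "..", "-1", " 1". */
        if (!isdigit((unsigned char)*s)) return -1;
        /* Bound check happens before the write, so out[] can never be overrun. */
        if (n >= cap) return -1;
        errno = 0;
        unsigned long v = strtoul(s, &end, 10);
        if (errno == ERANGE || v > 0xFFFFFFFFUL) return -1;
        out[n++] = (unsigned int)v;
        if (*end == '\0') return (int)n;
        if (*end != '.') return -1;
        s = end + 1;
    }
    return -1; /* empty string or trailing dot */
}

/* Builds a constructed input "1.1.1..." with `parts` sub-identifiers and parses it. */
int parse_repeated(int parts)
{
    static char buf[1024];
    unsigned int oid[MAX_SUBIDS];
    size_t len = 0;
    if (parts < 1 || (size_t)parts * 2 > sizeof buf) return -2;
    for (int i = 0; i < parts; i++) {
        if (i > 0) buf[len++] = '.';
        buf[len++] = '1';
    }
    buf[len] = '\0';
    return parse_dotted_oid(buf, oid, MAX_SUBIDS);
}

int main(void)
{
    printf("128 parts -> %d\n", parse_repeated(128));
    printf("129 parts -> %d\n", parse_repeated(129));
    return 0;
}
```
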
Comment 1 Repository Robot 2010-10-25 18:19:47 MSD
libsmi-0.4.8-alt2 -> sisyphus:

* Mon Oct 25 2010 Alexey Shabalin <shaba@altlinux> 0.4.8-alt2
- some backports
- security fix: CVE-2010-2891 (ALT #24394)