[原文]Format string vulnerability in the snmp_input function in snmptrapd in CMU SNMP utilities (cmu-snmp) allows remote attackers to execute arbitrary code by sending crafted SNMP messages to UDP port 162.
CMU SNMP snmptrapd snmp_input() Function Remote Format String
Remote / Network Access,
Local / Remote,
Loss of Integrity
A remote format string vulnerability exists in CMU SNMP's. The snmptrapd daemon fails to correctly validate user-supplied input which is passed to the snmp_inpt() function. With a specially crafted request including format strings, an attacker can cause arbitrary code execution, resulting in a loss of integrity.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.