Title: LibDB SNPrintF Buffer Overflow Vulnerability
Severity: HIGH
Description:
libdb is an implementation of the Berkeley DB software package. It is distributed by Sleepycat Software and included with many operating systems.
A problem in the package has been identified that may allow local users to gain elevated privileges. The problem is an insecure wrapper around snprintf(), the function that is supposed to be the bounded, overflow-safe replacement for sprintf().
snprintf is a function based on sprintf, a library call used to construct strings in memory based on "printf" formatting. snprintf is implemented in modern versions of the standard C library and is designed as a means to prevent buffer overflows. This is accomplished by the function requiring a parameter representing the maximum amount of data to be written to the string being constructed in memory.
A separate snprintf function has been built into the affected versions of libdb distributed with some operating systems. This version of snprintf is not the same in design as the one built into libc implementations and does not honor the maximum string length parameter. The snprintf function compiled into libdb acts as a wrapper: it accepts the destination buffer, the length limit, the format string and the arguments, discards the limit, and passes the rest to the libc sprintf() function, which writes without any bound.
A program that depends on this version of snprintf is therefore vulnerable to buffer overflows wherever attacker-influenced data reaches a bounded write: the call looks safe in the source, but the bound is never enforced. As numerous programs use libdb, including setuid programs such as sendmail, this may make it possible for a local user to execute arbitrary code and potentially gain elevated privileges, including root access.
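The following is an added illustration written for this page, not code taken from libdb or from Sleepycat Software. It reconstructs the flaw from the description above: a wrapper that has the snprintf() signature but ignores its size argument (the page says the wrapper calls sprintf(); a variadic wrapper must use the va_list form, so vsprintf() is used here, which behaves identically), placed next to the wrapper as it should have been written. The struct layout, the canary marker and the 12-byte input are constructed for the demonstration, and the input is sized so the overrun stays inside the struct and is observable as a clobbered marker rather than a crash.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Reconstruction of the broken wrapper described above: the size argument is
 * accepted and then ignored, and everything is handed to the unbounded
 * vsprintf(). This is the bug, not a correct snprintf(). */
static int unbounded_snprintf(char *str, size_t n, const char *fmt, ...)
{
    va_list ap;
    int len;

    (void)n;                 /* the limit is never used */
    va_start(ap, fmt);
    len = vsprintf(str, fmt, ap);
    va_end(ap);
    return len;
}

/* What the wrapper should have done: forward the limit to vsnprintf(), which
 * writes at most n-1 characters plus a terminating NUL and returns the length
 * the full output would have had, so callers can detect truncation. */
static int bounded_snprintf(char *str, size_t n, const char *fmt, ...)
{
    va_list ap;
    int len;

    va_start(ap, fmt);
    len = vsnprintf(str, n, fmt, ap);
    va_end(ap);
    return len;
}

/* Constructed layout: destination buffer followed by a marker so an overrun is
 * observable without relying on a crash. */
#define CANARY "CANARY!"     /* 7 characters + NUL fill canary[8] exactly */

struct frame {
    char buf[8];
    char canary[8];
};

/* Format `input` into frame.buf through `fn` and return 1 if the bytes after
 * the buffer are untouched, 0 if they were overwritten. */
static int canary_survives(int (*fn)(char *, size_t, const char *, ...),
                           const char *input)
{
    struct frame f;

    memset(&f, 0, sizeof f);
    memcpy(f.canary, CANARY, sizeof f.canary);
    fn(f.buf, sizeof f.buf, "%s", input);
    return memcmp(f.canary, CANARY, sizeof f.canary) == 0;
}

int unbounded_keeps_canary(const char *input)
{
    return canary_survives(unbounded_snprintf, input);
}

int bounded_keeps_canary(const char *input)
{
    return canary_survives(bounded_snprintf, input);
}

/* Number of characters the fixed wrapper actually stores: never more than
 * sizeof buf - 1, however long the input is. */
int bounded_stored_length(const char *input)
{
    char buf[8];

    bounded_snprintf(buf, sizeof buf, "%s", input);
    return (int)strlen(buf);
}

int main(void)
{
    /* Constructed input: 12 bytes, long enough to run past buf[8] into the
     * canary but not past the end of the struct. */
    const char *input = "AAAAAAAAAAAA";

    printf("unbounded wrapper, canary intact: %d\n", unbounded_keeps_canary(input));
    printf("bounded wrapper, canary intact:   %d\n", bounded_keeps_canary(input));
    printf("bounded wrapper stored %d characters\n", bounded_stored_length(input));
    return 0;
}
```

The point of the side-by-side is that the two wrappers are indistinguishable at the call site: a caller passing sizeof buf has done everything right and is still overflowed when the library silently drops the bound. When auditing a codebase that ships its own snprintf, check that the size argument actually reaches vsnprintf() or an equivalent bounded routine; the return value of the fixed version (the full would-be length, 12 here, while only 7 characters are stored) is also how callers can detect and handle truncation.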
Affected Products:
- Caldera OpenLinux Server 3.1.0
- Caldera OpenLinux Workstation 3.1.0
- Sleepycat Software db 2.7.7
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.