COMMAND

    libdb.so.1.85.4

SYSTEMS AFFECTED

    Linux

PROBLEM

    There is a severe problem with the Linux port of the db-1.85.4
    library, which can be found on sunsite.unc.edu under:

        /pub/Linux/libs/db-1.85.4-src.tar.gz

    This library contains an "snprintf" function which breaks down to
    a common sprintf, ignoring the size parameter. Evidently this was
    intended as a work-around, and a terribly bad one, for C libraries
    which don't contain an snprintf routine of their own. The
    consequences of this bug are obvious: any program which is linked
    with libdb.so.1.85.4 and relies on snprintf(3) to do its bounds
    checking doesn't have any bounds checking at all. Credit goes to
    Thomas Roessler. It is presumed that the same applies to
    vsnprintf.

SOLUTION

    Note that recent Linux C libraries contain an snprintf(3) function
    of their own which does its job properly. Thus, the fix is to
    simply remove snprintf.o from libdb. You may also rename sprintf()
    and snprintf() to be sure that no program will use them. As they
    are also defined in libc.so, this should never cause any problem.
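
    The check below is an added example, not code from db-1.85.4 or
    from the original advisory: it tests whether a given snprintf
    honors its size argument. unbounded_snprintf() is a constructed
    stand-in for the behaviour described under PROBLEM, and
    honors_bound() is a hypothetical helper name.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

typedef int (*snprintf_fn)(char *, size_t, const char *, ...);

/* Constructed stand-in for the behaviour the advisory describes: the size
 * argument is accepted and then ignored. Not the db-1.85.4 source. */
static int unbounded_snprintf(char *str, size_t n, const char *fmt, ...)
{
    va_list ap;
    int rc;

    (void)n;                      /* the bound is never consulted */
    va_start(ap, fmt);
    rc = vsprintf(str, fmt, ap);
    va_end(ap);
    return rc;
}

/* Returns 1 if fn keeps its output within LIMIT bytes, 0 otherwise.
 * The arena is much larger than the formatted string, so a function that
 * ignores the bound only overwrites guard bytes inside the arena. */
static int honors_bound(snprintf_fn fn)
{
    enum { LIMIT = 8, ARENA = 64, GUARD = 0x5a };
    char arena[ARENA];
    size_t i;

    memset(arena, GUARD, sizeof arena);
    fn(arena, LIMIT, "%s", "0123456789abcdefghij");   /* 20 chars + NUL */

    for (i = LIMIT; i < ARENA; i++)
        if (arena[i] != GUARD)
            return 0;             /* wrote past the stated size */
    /* A conforming snprintf NUL-terminates the truncated output. */
    return arena[LIMIT - 1] == '\0';
}

int main(void)
{
    int ok = honors_bound(snprintf);

    printf("linked snprintf:        %s\n", ok ? "bounded" : "UNBOUNDED");
    printf("size-ignoring stand-in: %s\n",
           honors_bound(unbounded_snprintf) ? "bounded" : "UNBOUNDED");
    return ok ? 0 : 1;            /* non-zero exit if the linked one fails */
}
```

    Link the check against the same libraries, in the same order, as
    the program you care about, since that decides which snprintf
    definition is resolved.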