CVE-2005-1246

snmppd 0.4.5 - Remote Code Execution via Format String in snmppd_log

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-1246. PoCs published by cybertronic.

AI-analyzed exploit summary This exploit targets a format string vulnerability in the Snmppd SNMP proxy daemon (CVE-2005-1246). It leverages a buffer overflow to overwrite the GOT entry of strdup and execute shellcode, providing either a bind or reverse shell.

Description

Format string vulnerability in the snmppd_log function in snmppd_util.c for snmppd 0.4.5 and earlier may allow remote attackers to cause a denial of service or execute arbitrary code via format string specifiers that are not properly handled in a syslog call.

Exploits (1)

exploitdb WORKING POC VERIFIED
by cybertronic · cremotelinux
https://www.exploit-db.com/exploits/970

This exploit targets a format string vulnerability in the Snmppd SNMP proxy daemon (CVE-2005-1246). It leverages a buffer overflow to overwrite the GOT entry of strdup and execute shellcode, providing either a bind or reverse shell.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Racy
Target: Snmppd SNMP proxy daemon 0.4.5
No auth needed
Prerequisites: Network access to the vulnerable Snmppd service · Target system running a vulnerable version of Snmppd
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Patch mailing-list x_refsource_vulnwatch
http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0022.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/15120

Scores

EPSS 0.0738
EPSS Percentile 93.6%

Details

Status published
Products (7)
vladislav_bogdanov/snmppd 0.4
vladislav_bogdanov/snmppd 0.4.1
vladislav_bogdanov/snmppd 0.4.2
vladislav_bogdanov/snmppd 0.4.3
vladislav_bogdanov/snmppd 0.4.3_special
vladislav_bogdanov/snmppd 0.4.4
vladislav_bogdanov/snmppd 0.4.5
Published Apr 24, 2005
Tracked Since Feb 18, 2026