Bugzilla – Bug 759352
VUL-0: net-snmp: remote denial of service by array over read
Last modified: 2013-07-08 10:16:51 UTC
from oss-sec, issue is public. From: Jan Lieskovsky <jlieskov@redhat.com> Date: Thu, 26 Apr 2012 13:23:08 +0200 Subject: [oss-security] CVE Request -- net-snmp: Array index error, leading to out-of heap-based buffer read (snmpd crash) Hello Kurt, Steve, vendors, an array index error, leading to out-of heap-based buffer read flaw was found in the way net-snmp agent performed entries lookup in the extension table. When certain MIB subtree was handled by the extend directive, a remote attacker having read privilege to the subtree could use this flaw to cause a denial of service (snmpd crash) via SNMP GET request involving a non-existent extension table entry. References: [1] https://bugzilla.redhat.com/show_bug.cgi?id=815813
Created attachment 488303 [details] net-snmp.patch from redhat patch from redhats bugzilla
From Nelson Marques via security@ > One of the members from my team has identified a flaw that allows remote DoS of snmpd, an array index error that leads to out of heap-based buffer read flaw in the way net-snmpd agent performs entry lookups in the extension table. When certain MIB subtree was handled by the extend directive, a remote attacker having read priviledge to the subtree can use this flaw to cause a denial of service (snmpd crash) via SNMP GET request involving a non-existent extension table entry.
According to the latest information we got from Red Hat, this has been assigned CVE-2012-2141.
bugbot adjusting priority
The SWAMPID for this issue is 47185. This issue was rated as moderate. Please submit fixed packages until 2012-05-18. When done, please reassign the bug to security-team@suse.de. Patchinfo will be handled by security team.
This is an autogenerated message for OBS integration: This bug (759352) was mentioned in https://build.opensuse.org/request/show/120977 Factory / net-snmp
Submitted to: openSUSE:Factory (SR #120977). openSUSE 11.4 and 12.1 (MR #120981).
sle10 was also submitted already and checked in. sle11 missing, also needs planned updates, see 754839
sle10 also has a number of planned updates, are they all included? bug 692468, bug 677349 and bug 702314
Marcus, sorry for the delay with the submissions. The current status is: SLE 10-SP4: - bug #692468: already included in the latest update - bug #677349: already included in the latest update - bug #702314: wrong bug number ;) - bug #702134: already included in the latest update - bug #762433: PTF provided, I'd like to wait for feedback and include the fix in this update Bottom line: the planned updates you mentioned are for 10-SP3-LTSS only. The update will be resubmitted once I get feedback on bug #762433. SLE 11-SP1/SP2: - bug #762887: patch available and PTF on the way, I'd like to wait for feedback and include the fix in this update - bug #670789: already done, I just need to test it better
openSUSE-SU-2012:0659-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 759352 CVE References: CVE-2012-2141 Sources used: openSUSE 12.1 (src): net-snmp-5.7.1-3.8.1 openSUSE 11.4 (src): net-snmp-5.6.1-4.32.1
All packages were submitted. Reassigning to Security Team for final handling.
This is an autogenerated message for OBS integration: This bug (759352) was mentioned in https://build.opensuse.org/request/show/122895 Evergreen:11.2 / net-snmp
This is an autogenerated message for OBS integration: This bug (759352) was mentioned in https://build.opensuse.org/request/show/123508 Evergreen:11.2 / net-snmp
done
Update released for: net-snmp, net-snmp-32bit, net-snmp-debuginfo, net-snmp-devel, perl-SNMP Products: SLE-SERVER 10-SP3-TERADATA (x86_64)
Update released for: net-snmp, net-snmp-32bit, net-snmp-64bit, net-snmp-debuginfo, net-snmp-devel, net-snmp-devel-64bit, net-snmp-x86, perl-SNMP Products: SLE-DESKTOP 10-SP4 (i386, x86_64) SLE-SDK 10-SP4 (i386, ia64, ppc, s390x, x86_64) SLE-SERVER 10-SP4 (i386, ia64, ppc, s390x, x86_64)
Update released for: libsnmp15, libsnmp15-32bit, libsnmp15-x86, net-snmp, net-snmp-debuginfo, net-snmp-debugsource, net-snmp-devel, net-snmp-devel-32bit, perl-SNMP, snmp-mibs Products: SLE-DEBUGINFO 11-SP1 (i386, ia64, ppc64, s390x, x86_64) SLE-DESKTOP 11-SP1 (i386, x86_64) SLE-DESKTOP 11-SP1-FOR-SP2 (i386, x86_64) SLE-SDK 11-SP1 (i386, ia64, ppc64, s390x, x86_64) SLE-SDK 11-SP1-FOR-SP2 (i386, ia64, ppc64, s390x, x86_64) SLE-SERVER 11-SP1 (i386, ia64, ppc64, s390x, x86_64) SLE-SERVER 11-SP1-FOR-SP2 (i386, ia64, ppc64, s390x, x86_64) SLE-SERVER 11-SP1-TERADATA (x86_64) SLES4VMWARE 11-SP1 (i386, x86_64)
*** Bug 826684 has been marked as a duplicate of this bug. ***