Bug 1173453 - (CVE-2019-20892) VUL-0: CVE-2019-20892: net-snmp: double free in usm_free_usmStateReference function in snmplib/snmpusm.c via an SNMPv3 GetBulk request
Status: RESOLVED WORKSFORME
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/262310/
Reported: 2020-06-29 06:15 UTC by Wolfgang Frisch
Modified: 2020-07-14 16:55 UTC (History)
Found By: Security Response Team

Comment 1 Wolfgang Frisch 2020-07-14 16:37:40 UTC
Reproducer:
net-snmp-create-v3-user -A testsha1234 -a SHA -X testaes1234 -x AES testuser
systemctl start snmpd
snmpwalk -v3 -l authPriv -u testuser -a SHA -A "testsha1234" -x AES -X "testaes1234" localhost sysDescr.0 -n crash

Unexpected result:
snmp daemon crashes (core-dump)

Expected result:
SNMPv2-MIB::sysDescr.0 = STRING: Linux localhost.localdomain 3.10.0-957.el7.x86_64 #1 SMP Thu Oct 4 20:48:51 UTC 2018 x86_64

Comment 2 Wolfgang Frisch 2020-07-14 16:47:03 UTC
SUSE:SLE-11-SP1:Update   net-snmp   Not affected [1]
SUSE:SLE-12-SP1:Update   net-snmp   Not affected [1]
SUSE:SLE-15:Update       net-snmp   Not affected [1]
SUSE:SLE-15-SP1:Update   net-snmp   Not affected [1]
SUSE:SLE-15-SP2:Update   net-snmp   Not affected [1]

[1] not reproducible

Comment 3 Wolfgang Frisch 2020-07-14 16:55:30 UTC
It appears the bug was introduced in 5.8 which we don't ship yet.