Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [NSE] bug in snmp library

From: David Fifield <david () bamsoftware com>
Date: Sun, 13 Dec 2009 18:07:46 -0700
On Thu, Dec 10, 2009 at 02:35:33PM +0200, Victor Rudnev wrote:

I found in snmp.lua a bug with encoding snmp oid string

Let's see
We need to set (int) 100 in a OID
'.1.3.6.1.4.1.4935.1000.100.200.100.800.1.100.400.100.0' and will use
snmpset tool and snmp.lua for that

snmp.lua
.....
#
U 192.168.1.222:32792 -> 192.168.1.151:161
  30 30 02 01 00 04 06 70    75 62 6c 69 63 a3 23 02    00.....public.#.
  02 01 44 02 01 00 02 01    00 30 17 30 15 06 10 2b    ..D......0.0...+
  06 01 04 01 47 e8 64 c8    64 20 01 64 90 64 00 02    ....G.d.d .d.d..
  01 64                                                 .d
#
U 192.168.1.151:161 -> 192.168.1.222:32792
  30 30 02 01 00 04 06 70    75 62 6c 69 63 a2 23 02    00.....public.#.
  02 01 44 02 01 02 02 01    01 30 17 30 15 06 10 2b    ..D......0.0...+
  06 01 04 01 47 e8 64 c8    64 20 01 64 90 64 00 02    ....G.d.d .d.d..
  01 64


$ snmpset -c public -v 1 192.168.1.151
.1.3.6.1.4.1.4935.1000.100.200.100.800.1.100.400.100.0 i 100
...
#
U 192.168.1.222:32792 -> 192.168.1.151:161
  30 37 02 01 00 04 06 70    75 62 6c 69 63 a3 2a 02    07.....public.*.
  04 45 f6 c4 19 02 01 00    02 01 00 30 1c 30 1a 06    .E.........0.0..
  15 2b 06 01 04 01 a6 47    87 68 64 81 48 64 86 20    .+.....G.hd.Hd.
  01 64 83 10 64 00 02 01    64                         .d..d...d
#
U 192.168.1.151:161 -> 192.168.1.222:32792
  30 37 02 01 00 04 06 70    75 62 6c 69 63 a2 2a 02    07.....public.*.
  04 45 f6 c4 19 02 01 00    02 01 00 30 1c 30 1a 06    .E.........0.0..
  15 2b 06 01 04 01 a6 47    87 68 64 81 48 64 86 20    .+.....G.hd.Hd.
  01 64 83 10 64 00 02 01    64                         .d..d...d

So, we could compare encoded OID string in both cases which are not the same

snmp.lua : 2b 06 01 04 01 47 e8 64 c8 64 20 01 64 90 64 00 | 02 01 64

snmpset : 2b 06 01 04 01 a6 47 87 68 64 81 48 64 86 20 01 64 83 10 64 00 |
02 01 64

As a result I get "0x02 -- The name of the requested object was not found"
in error field of response..


Thanks for the detailed bug report. This should be fixed in r16266. The
problem was that the code didn't correctly handle OID component values
greater than 127. It just took them mod 256 and stored the octet, which
is incorrect. For example, 1000 would encode to e8 instead of 87 68.

If you're running from a Subversion checkout, try updating, or if not,
replace your copy of snmp.lua with http://nmap.org/svn/nselib/snmp.lua
and see if it works now.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: