oss-sec mailing list archives
[cve-request () mitre org: Re: [scr916814] net-snmp - Perhaps only unreleased development versions; fix appears to be in v5.8.1.pre1]
From: Seth Arnold <seth.arnold () canonical com>
Date: Thu, 25 Jun 2020 19:06:21 +0000
Hello, I'd lke to share a cve assigned to net-snmp for an issue that may not have affected any released versions of net-snmp but affected various distro versions of net-snmp. Thanks ----- Forwarded message from cve-request () mitre org ----- Date: Thu, 25 Jun 2020 05:15:14 -0400 (EDT) From: cve-request () mitre org To: security () ubuntu com Cc: cve-request () mitre org Subject: Re: [scr916814] net-snmp - Perhaps only unreleased development versions; fix appears to be in v5.8.1.pre1 Message-Id: <20200625091514.8124480B76E () smtprhmv1 mitre org> X-MailControl-ReportSpam: https://www.mailcontrol.com/sr/VfMHRVT2LfHGX2PQPOmvUkjDae7bB5IgIMT0o87Yr8XX7dUK1PjRtmIgzLM3PrMtWFfXRAbpUYiTKOxjbsImtQ== -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
[Suggested description] net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateReference in snmplib/snmpusm.c via an SNMPv3 GetBulk request. NOTE: this affects net-snmp packages shipped to end users by multiple Linux distributions, but might not affect an upstream release. ------------------------------------------ [Additional Information] If I've followed the breadcrumbs correctly, this was introduced via https://github.com/net-snmp/net-snmp/commit/adc9b71aba9168ec64149345ea37a1acc11875c6 which was apparently incorporated into Debian, Ubuntu, Red Hat packages, even if not included in upstream releases. A double free was discovered in usm_free_usmStateReference() in unreleased development versions of net-snmp. ------------------------------------------ [VulnerabilityType Other] double-free ------------------------------------------ [Vendor of Product] net-snmp ------------------------------------------ [Affected Product Code Base] net-snmp - Perhaps only unreleased development versions; fix appears to be in v5.8.1.pre1 ------------------------------------------ [Affected Component] usm_free_usmStateReference() usm_rgenerate_out_msg() free_agent_snmp_session() ------------------------------------------ [Attack Type] Remote ------------------------------------------ [Impact Denial of Service] true ------------------------------------------ [Attack Vectors] An authorized remote user can trigger this via a command given at https://sourceforge.net/p/net-snmp/bugs/2923/#6789: snmpbulkget -v3 -Cn1 -Cr1472 -lauthPriv -u testuser -a SHA -A testsha1234 -x AES -X testaes1234 localhost 1.3.6.1.2.1.1.5 1.3.6.1.2.1.1.7 ------------------------------------------ [Reference] https://bugs.launchpad.net/ubuntu/+source/net-snmp/+bug/1877027 https://bugzilla.redhat.com/show_bug.cgi?id=1663027 https://sourceforge.net/p/net-snmp/bugs/2923/ https://github.com/net-snmp/net-snmp/commit/5f881d3bf24599b90d67a45cae7a3eb099cd71c9 ------------------------------------------ [Has vendor confirmed or acknowledged the vulnerability?] true
Use CVE-2019-20892. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJe9Gq+AAoJEPNX0OmQPkAIQqEP/3t3ZrdDKKQSY/OLz27sFHNm LqpQIlV5ukyfM8vCF8vp5a2yN2rJSrwmMUuDHppqAdyW/n4js5mXcsVbHsphMvoU srqbuL1DmTW8J3MD4edVBRHi3Ag42Xnacz44w9n5DofWjJDj5j7AY5kUUiqtzzrd VPjNaA398/4NoMPZj07Cqa/uN5uNJc6AJnwzxRFfae0HD75qOiCwvlnLxNfX+rDn /jyziyPTZNAQObqhXr1VDVKbDsTA53Znf7C/Joj8QyYlDHL4FFJrP8jwjzzVCRWA 1jUcVpKcRSryuclG84JmWyY0qIj5IlqPqBs1Y2lp74DtBlO+GjI7ZLZYlAAGTIDq cMq/PNO2teHsWaZNFPa3hR/ezR71ihahke/2Dj93A+Z7ytST3f0edhgtPTietWAf ytrStPbppBg8bztWBvrsQEWj0o8kVUZXvLM9Gen5agOBhXHR+QM9i1tH8Vot+V3K M9QyW79n8pUq7cWBaVQMyMzrwnsDgk85WhQR13eVBLzNjPLatAjBxDlJszSaO4UR VHus9O/4a9Qa0eW1+V2KAtOgUr8aLnUxKPDMNYIXk2BqemznVBpjvdUwRhdH9yo3 2l2rEyxvSLUOYGbOqwPXot0Sm2CNQN6l4ISjvDgXHqXdYzHeeV2RaMkOjtARblLT BFmzz9v4hNYJxdJgfYZU =O66Z -----END PGP SIGNATURE----- ----- End forwarded message -----
Attachment:
signature.asc
Description:
Current thread:
- [cve-request () mitre org: Re: [scr916814] net-snmp - Perhaps only unreleased development versions; fix appears to be in v5.8.1.pre1] Seth Arnold (Jun 25)