oss-sec mailing list archives
Re: net-snmp snmp_pdu_parse() function incompletely initializaition vulnerability
From: Stefan Cornelius <scorneli () redhat com>
Date: Thu, 16 Apr 2015 14:05:57 +0200
On Mon, 13 Apr 2015 13:44:04 +0800 罗大龙 <luodalongde () gmail com> wrote:
HI there, Greeting! This is Qinghao Tang from QIHU 360 company, China. I am a security researcher there. I'm writing to apply for a CVE ID, for a 0day vulnerability in net-snmp. Please refer to below report.
The upstream patch is here: https://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791/ As linked from the commit, the (currently restricted) upstream bug is: https://sourceforge.net/p/net-snmp/bugs/2615/ Although this leads to crashes at different locations, all of them can be attributed to snmp_pdu_parse() leaving stale netsnmp_variable_list items in the list, so I think one CVE should be enough. In case anyone is interested, the Red Hat bug is: https://bugzilla.redhat.com/show_bug.cgi?id=1212408 Thanks, -- Stefan Cornelius / Red Hat Product Security Come talk to Red Hat Product Security at the Summit! Red Hat Summit 2015 - https://www.redhat.com/summit/
Current thread:
- net-snmp snmp_pdu_parse() function incompletely initializaition vulnerability 罗大龙 (Apr 12)
- Re: net-snmp snmp_pdu_parse() function incompletely initializaition vulnerability Stefan Cornelius (Apr 16)
- Re: net-snmp snmp_pdu_parse() function incompletely initializaition vulnerability Salvatore Bonaccorso (May 10)
- Message not available
- Message not available
- Re: net-snmp snmp_pdu_parse() function incompletely initializaition vulnerability Stefan Cornelius (Apr 16)