Re: net-snmp snmp_pdu_parse() function incompletely initializaition vulnerability

[罗大龙 <luodalongde () gmail com>]

Detail info：
https://sourceforge.net/p/net-snmp/bugs/2615/

2015-04-21 14:59 GMT+08:00 罗大龙 <luodalongde () gmail com>:

> Hi
>    I using snmp v3 protocol , and these crash info are about client.
>    Net-snmp software had ensure this vulnerability , and I will forward
> the message to you .
>
> 2015-04-20 21:33 GMT+08:00 Raphaël Rigo <ml-oss () syscall eu>:
>
> > Hello,
> >
> > On 13/04/2015 07:44, 罗大龙 wrote:
> > > Greeting! This is Qinghao Tang from QIHU 360  company, China. I am a
> > > security researcher there.
> > >
> > > I'm writing to apply for a CVE ID, for a 0day vulnerability in net-snmp.
> > > Please refer to below report.
> > Thank you for your report, it is very interesting.
> > I'm currently trying to understand the possible impact in one product we
> > are using. I tried to reproduce the crashed but I could not.
> >
> >
> > Would you mind sharing information regarding how you managed to get
> > those crashes ? :
> >
> > > [crash info from /var/log/messages]
> > >
> > > sprint_realloc_integer
> > >
> > > snmpget:0x290a3
> > >
> > > overview:Feb 22 11:37:48 localhost kernel: snmpget[24260]: segfault at
> > 0 ip
> > > 00007f00cbff20a3 sp 00007fff7bf08620 error 4 in
> > > libnetsnmp.so.30.0.3[7f00cbfc9000+ac000]
> > [...]
> >
> > Is it using SNMPv3 or v1 ?
> >
> > Or is it in the client ?
> >
> > Regards,
> > Raphaël Rigo