oss-sec mailing list archives

Re: net-snmp snmp_pdu_parse() function incompletely initializaition vulnerability

From: Salvatore Bonaccorso <carnil () debian org>
Date: Sun, 10 May 2015 13:06:48 +0200

Hi,

On Thu, Apr 16, 2015 at 02:05:57PM +0200, Stefan Cornelius wrote:

On Mon, 13 Apr 2015 13:44:04 +0800
罗大龙 <luodalongde () gmail com> wrote:

HI there,



Greeting! This is Qinghao Tang from QIHU 360  company, China. I am a
security researcher there.

I'm writing to apply for a CVE ID, for a 0day vulnerability in
net-snmp. Please refer to below report.


The upstream patch is here:
https://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791/

As linked from the commit, the (currently restricted) upstream bug is:
https://sourceforge.net/p/net-snmp/bugs/2615/

Although this leads to crashes at different locations, all of them can
be attributed to snmp_pdu_parse() leaving stale netsnmp_variable_list
items in the list, so I think one CVE should be enough.


In case anyone is interested, the Red Hat bug is:
https://bugzilla.redhat.com/show_bug.cgi?id=1212408


Explicitly adding MITREs CVE assignment team to the CC list.

Any news on this? Unfortunately the upstream bug report ist still
restricted.

Thanks and regards,
Salvatore

Current thread:

net-snmp snmp_pdu_parse() function incompletely initializaition vulnerability 罗大龙 (Apr 12)
- Re: net-snmp snmp_pdu_parse() function incompletely initializaition vulnerability Stefan Cornelius (Apr 16)
  - Re: net-snmp snmp_pdu_parse() function incompletely initializaition vulnerability Salvatore Bonaccorso (May 10)
- Message not available
  - Message not available
    - Re: net-snmp snmp_pdu_parse() function incompletely initializaition vulnerability 罗大龙 (Apr 21)