Re: net-snmp snmp_pdu_parse() function incompletely initializaition vulnerability

[Stefan Cornelius <scorneli () redhat com>]

On Sun, 10 May 2015 13:06:48 +0200
Salvatore Bonaccorso <carnil () debian org> wrote:

> Hi,
>
> On Thu, Apr 16, 2015 at 02:05:57PM +0200, Stefan Cornelius wrote:
> > On Mon, 13 Apr 2015 13:44:04 +0800
> > 罗大龙 <luodalongde () gmail com> wrote:
> >
> > > HI there,
> > >
> > >
> > >
> > > Greeting! This is Qinghao Tang from QIHU 360  company, China. I
> > > am a security researcher there.
> > >
> > > I'm writing to apply for a CVE ID, for a 0day vulnerability in
> > > net-snmp. Please refer to below report.
> >
> > The upstream patch is here:
> > https://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791/
> >
> > As linked from the commit, the (currently restricted) upstream bug
> > is: https://sourceforge.net/p/net-snmp/bugs/2615/
> >
> > Although this leads to crashes at different locations, all of them
> > can be attributed to snmp_pdu_parse() leaving stale
> > netsnmp_variable_list items in the list, so I think one CVE should
> > be enough.
> >
> >
> > In case anyone is interested, the Red Hat bug is:
> > https://bugzilla.redhat.com/show_bug.cgi?id=1212408
>
> Explicitly adding MITREs CVE assignment team to the CC list.
>
> Any news on this? Unfortunately the upstream bug report ist still
> restricted.
>
> Thanks and regards,
> Salvatore

Hi,

As far as I can tell, this still needs a CVE.

Thanks,
-- 
Stefan Cornelius / Red Hat Product Security