[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] [cve-request@mitre.org: Re: [scr916814] net-snmp - Perhaps only unreleased developmen
From: Seth Arnold <seth.arnold () canonical ! com>
Date: 2020-06-25 19:06:21
Message-ID: 20200625190621.GA1791617 () millbarge
[Download RAW message or body]
Hello, I'd lke to share a cve assigned to net-snmp for an issue that may
not have affected any released versions of net-snmp but affected various
distro versions of net-snmp.
Thanks
----- Forwarded message from cve-request@mitre.org -----
Date: Thu, 25 Jun 2020 05:15:14 -0400 (EDT)
From: cve-request@mitre.org
To: security@ubuntu.com
Cc: cve-request@mitre.org
Subject: Re: [scr916814] net-snmp - Perhaps only unreleased development versions; fix appears \
to be in v5.8.1.pre1
Message-Id: <20200625091514.8124480B76E@smtprhmv1.mitre.org>
X-MailControl-ReportSpam: \
https://www.mailcontrol.com/sr/VfMHRVT2LfHGX2PQPOmvUkjDae7bB5IgIMT0o87Yr8XX7dUK1PjRtmIgzLM3PrMtWFfXRAbpUYiTKOxjbsImtQ==
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
> [Suggested description]
> net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateReference in \
> snmplib/snmpusm.c via an SNMPv3
> GetBulk request. NOTE: this affects net-snmp packages shipped to end users by multiple Linux \
> distributions, but might not affect an upstream release.
>
> ------------------------------------------
>
> [Additional Information]
> If I've followed the breadcrumbs correctly, this was introduced via
> https://github.com/net-snmp/net-snmp/commit/adc9b71aba9168ec64149345ea37a1acc11875c6
> which was apparently incorporated into Debian, Ubuntu, Red Hat
> packages, even if not included in upstream releases.
>
> A double free was discovered in usm_free_usmStateReference() in unreleased development \
> versions of net-snmp.
> ------------------------------------------
>
> [VulnerabilityType Other]
> double-free
>
> ------------------------------------------
>
> [Vendor of Product]
> net-snmp
>
> ------------------------------------------
>
> [Affected Product Code Base]
> net-snmp - Perhaps only unreleased development versions; fix appears to be in v5.8.1.pre1
>
> ------------------------------------------
>
> [Affected Component]
> usm_free_usmStateReference()
> usm_rgenerate_out_msg()
> free_agent_snmp_session()
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Denial of Service]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> An authorized remote user can trigger this via a command given at \
> https://sourceforge.net/p/net-snmp/bugs/2923/#6789: snmpbulkget -v3 -Cn1 -Cr1472 -lauthPriv \
> -u testuser -a SHA -A testsha1234 -x AES -X testaes1234 localhost 1.3.6.1.2.1.1.5 \
> 1.3.6.1.2.1.1.7
> ------------------------------------------
>
> [Reference]
> https://bugs.launchpad.net/ubuntu/+source/net-snmp/+bug/1877027
> https://bugzilla.redhat.com/show_bug.cgi?id=1663027
> https://sourceforge.net/p/net-snmp/bugs/2923/
> https://github.com/net-snmp/net-snmp/commit/5f881d3bf24599b90d67a45cae7a3eb099cd71c9
>
> ------------------------------------------
>
> [Has vendor confirmed or acknowledged the vulnerability?]
> true
Use CVE-2019-20892.
- --
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJe9Gq+AAoJEPNX0OmQPkAIQqEP/3t3ZrdDKKQSY/OLz27sFHNm
LqpQIlV5ukyfM8vCF8vp5a2yN2rJSrwmMUuDHppqAdyW/n4js5mXcsVbHsphMvoU
srqbuL1DmTW8J3MD4edVBRHi3Ag42Xnacz44w9n5DofWjJDj5j7AY5kUUiqtzzrd
VPjNaA398/4NoMPZj07Cqa/uN5uNJc6AJnwzxRFfae0HD75qOiCwvlnLxNfX+rDn
/jyziyPTZNAQObqhXr1VDVKbDsTA53Znf7C/Joj8QyYlDHL4FFJrP8jwjzzVCRWA
1jUcVpKcRSryuclG84JmWyY0qIj5IlqPqBs1Y2lp74DtBlO+GjI7ZLZYlAAGTIDq
cMq/PNO2teHsWaZNFPa3hR/ezR71ihahke/2Dj93A+Z7ytST3f0edhgtPTietWAf
ytrStPbppBg8bztWBvrsQEWj0o8kVUZXvLM9Gen5agOBhXHR+QM9i1tH8Vot+V3K
M9QyW79n8pUq7cWBaVQMyMzrwnsDgk85WhQR13eVBLzNjPLatAjBxDlJszSaO4UR
VHus9O/4a9Qa0eW1+V2KAtOgUr8aLnUxKPDMNYIXk2BqemznVBpjvdUwRhdH9yo3
2l2rEyxvSLUOYGbOqwPXot0Sm2CNQN6l4ISjvDgXHqXdYzHeeV2RaMkOjtARblLT
BFmzz9v4hNYJxdJgfYZU
=O66Z
-----END PGP SIGNATURE-----
----- End forwarded message -----
["signature.asc" (application/pgp-signature)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic