Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

[cve-request () mitre org: Re: [scr916814] net-snmp - Perhaps only unreleased development versions; fix appears to be in v5.8.1.pre1]

Related Vulnerabilities: CVE-2019-20892  
Source 
                							

                <!--X-Body-Begin-->
<!--X-User-Header-->

oss-sec
mailing list archives
<!--X-User-Header-End-->
<!--X-TopPNI-->

By Date

By Thread

</form>

<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
[cve-request () mitre org: Re: [scr916814] net-snmp - Perhaps only unreleased development versions; fix appears to be in v5.8.1.pre1]

<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->

From: Seth Arnold &lt;seth.arnold () canonical com&gt;

Date: Thu, 25 Jun 2020 19:06:21 +0000

<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->

<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
Hello, I'd lke to share a cve assigned to net-snmp for an issue that may
not have affected any released versions of net-snmp but affected various
distro versions of net-snmp.

Thanks

----- Forwarded message from cve-request () mitre org -----

Date: Thu, 25 Jun 2020 05:15:14 -0400 (EDT)
From: cve-request () mitre org
To: security () ubuntu com
Cc: cve-request () mitre org
Subject: Re: [scr916814] net-snmp - Perhaps only unreleased development versions; fix appears to be in v5.8.1.pre1
Message-Id: &lt;20200625091514.8124480B76E () smtprhmv1 mitre org&gt;
X-MailControl-ReportSpam: 
https://www.mailcontrol.com/sr/VfMHRVT2LfHGX2PQPOmvUkjDae7bB5IgIMT0o87Yr8XX7dUK1PjRtmIgzLM3PrMtWFfXRAbpUYiTKOxjbsImtQ==

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

[Suggested description]
net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateReference in snmplib/snmpusm.c 
via an SNMPv3
GetBulk request. NOTE: this affects net-snmp packages shipped to end users by multiple Linux distributions,
but might not affect an upstream release.

------------------------------------------

[Additional Information]
If I've followed the breadcrumbs correctly, this was introduced via
https://github.com/net-snmp/net-snmp/commit/adc9b71aba9168ec64149345ea37a1acc11875c6
which was apparently incorporated into Debian, Ubuntu, Red Hat
packages, even if not included in upstream releases.

A double free was discovered in usm_free_usmStateReference() in unreleased development versions of net-snmp.

------------------------------------------

[VulnerabilityType Other]
double-free

------------------------------------------

[Vendor of Product]
net-snmp

------------------------------------------

[Affected Product Code Base]
net-snmp - Perhaps only unreleased development versions; fix appears to be in v5.8.1.pre1

------------------------------------------

[Affected Component]
usm_free_usmStateReference()
usm_rgenerate_out_msg()
free_agent_snmp_session()

------------------------------------------

[Attack Type]
Remote

------------------------------------------

[Impact Denial of Service]
true

------------------------------------------

[Attack Vectors]
An authorized remote user can trigger this via a command given at https://sourceforge.net/p/net-snmp/bugs/2923/#6789:
snmpbulkget  -v3 -Cn1 -Cr1472  -lauthPriv -u testuser -a SHA -A testsha1234 -x AES -X testaes1234 localhost    
1.3.6.1.2.1.1.5 1.3.6.1.2.1.1.7

------------------------------------------

[Reference]
https://bugs.launchpad.net/ubuntu/+source/net-snmp/+bug/1877027
https://bugzilla.redhat.com/show_bug.cgi?id=1663027
https://sourceforge.net/p/net-snmp/bugs/2923/
https://github.com/net-snmp/net-snmp/commit/5f881d3bf24599b90d67a45cae7a3eb099cd71c9

------------------------------------------

[Has vendor confirmed or acknowledged the vulnerability?]
true

Use CVE-2019-20892.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJe9Gq+AAoJEPNX0OmQPkAIQqEP/3t3ZrdDKKQSY/OLz27sFHNm
LqpQIlV5ukyfM8vCF8vp5a2yN2rJSrwmMUuDHppqAdyW/n4js5mXcsVbHsphMvoU
srqbuL1DmTW8J3MD4edVBRHi3Ag42Xnacz44w9n5DofWjJDj5j7AY5kUUiqtzzrd
VPjNaA398/4NoMPZj07Cqa/uN5uNJc6AJnwzxRFfae0HD75qOiCwvlnLxNfX+rDn
/jyziyPTZNAQObqhXr1VDVKbDsTA53Znf7C/Joj8QyYlDHL4FFJrP8jwjzzVCRWA
1jUcVpKcRSryuclG84JmWyY0qIj5IlqPqBs1Y2lp74DtBlO+GjI7ZLZYlAAGTIDq
cMq/PNO2teHsWaZNFPa3hR/ezR71ihahke/2Dj93A+Z7ytST3f0edhgtPTietWAf
ytrStPbppBg8bztWBvrsQEWj0o8kVUZXvLM9Gen5agOBhXHR+QM9i1tH8Vot+V3K
M9QyW79n8pUq7cWBaVQMyMzrwnsDgk85WhQR13eVBLzNjPLatAjBxDlJszSaO4UR
VHus9O/4a9Qa0eW1+V2KAtOgUr8aLnUxKPDMNYIXk2BqemznVBpjvdUwRhdH9yo3
2l2rEyxvSLUOYGbOqwPXot0Sm2CNQN6l4ISjvDgXHqXdYzHeeV2RaMkOjtARblLT
BFmzz9v4hNYJxdJgfYZU
=O66Z
-----END PGP SIGNATURE-----

----- End forwarded message -----
Attachment:
signature.asc
Description: 

<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->

<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->

By Date

By Thread

Current thread:

[cve-request () mitre org: Re: [scr916814] net-snmp - Perhaps only unreleased development versions; fix appears to be in v5.8.1.pre1] Seth Arnold (Jun 25)

<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started