net-snmp: CVE-2008-2292 buffer overflow in __snprint_value function

Related Vulnerabilities: CVE-2008-2292  

Debian Bug report logs - #482333

Reported by: Nico Golde <nion@debian.org>

Date: Wed, 21 May 2008 21:45:02 UTC

Severity: grave

Tags: patch, security

Found in version net-snmp/5.2.0-1

Fixed in versions net-snmp/5.4.1~dfsg-7.1, net-snmp/5.4.1~dfsg-8

Done: Jochen Friedrich <jochen@scram.de>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Net-SNMP Packaging Team <pkg-net-snmp-devel@lists.alioth.debian.org>:
Bug#482333; Package net-snmp.


Acknowledgement sent to Nico Golde <nion@debian.org>:
New Bug report received and forwarded. Copy sent to Net-SNMP Packaging Team <pkg-net-snmp-devel@lists.alioth.debian.org>.


Message #5 received at submit@bugs.debian.org:

From: Nico Golde <nion@debian.org>
To: submit@bugs.debian.org
Subject: net-snmp: CVE-2008-2292 buffer overflow in __snprint_value function
Date: Wed, 21 May 2008 23:43:13 +0200
Source: net-snmp
Version: 5.2.0-1
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for net-snmp.


CVE-2008-2292[0]:
| Buffer overflow in the __snprint_value function in snmp_get in
| Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows
| remote attackers to cause a denial of service (crash) and possibly
| execute arbitrary code via a large OCTETSTRING in an attribute value
| pair (AVP).

Patch for 5.4 branch:
http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/branches/V5-4-patches/net-snmp/perl/SNMP/SNMP.xs?r1=16765&r2=16770&view=patch

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2292
    http://security-tracker.debian.net/tracker/CVE-2008-2292

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
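
The class of defect the CVE text describes, a peer-supplied OCTET STRING length driving a copy into a fixed-size buffer, shown next to a bounded form. This is an added illustration, not code from net-snmp or from the referenced patch; `struct varbind`, `print_value_unchecked`, `print_value_bounded` and the buffer sizes are hypothetical, and the sample value is constructed.

```c
#include <stddef.h>
#include <string.h>

#define OCTET_STRING_TAG 0x04 /* BER universal tag for OCTET STRING */

/* Hypothetical decoded variable binding; not net-snmp's own structure. */
struct varbind {
    unsigned char type;
    const unsigned char *val; /* value bytes supplied by the peer */
    size_t val_len;           /* length supplied by the peer */
};

/* Unchecked pattern, comparison only: peer length drives the copy, buf_len is ignored. */
size_t print_value_unchecked(char *buf, size_t buf_len, const struct varbind *vb)
{
    (void)buf_len;
    memcpy(buf, vb->val, vb->val_len);
    return vb->val_len;
}

/* Bounded pattern: clamp the copy to the destination and flag truncation. */
size_t print_value_bounded(char *buf, size_t buf_len,
                           const struct varbind *vb, int *truncated)
{
    size_t n = vb->val_len;
    *truncated = 0;
    if (vb->type != OCTET_STRING_TAG || buf_len == 0)
        return 0;
    if (n > buf_len) { n = buf_len; *truncated = 1; }
    memcpy(buf, vb->val, n);
    return n;
}

/* Constructed case: 64-byte value into a 16-byte buffer followed by guard bytes.
 * Returns 1 when the copy was clamped and the guard bytes are untouched. */
int oversized_value_is_contained(void)
{
    unsigned char big[64], expect[8];
    struct { char buf[16]; unsigned char guard[8]; } frame;
    struct varbind vb = { OCTET_STRING_TAG, big, sizeof big };
    int truncated;
    memset(big, 'A', sizeof big);
    memset(expect, 0x5A, sizeof expect);
    memset(&frame, 0x5A, sizeof frame);
    size_t n = print_value_bounded(frame.buf, sizeof frame.buf, &vb, &truncated);
    return n == 16 && truncated == 1 &&
           memcmp(frame.guard, expect, sizeof expect) == 0;
}

int main(void) { return oversized_value_is_contained() ? 0 : 1; }
```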

Information forwarded to debian-bugs-dist@lists.debian.org, Net-SNMP Packaging Team <pkg-net-snmp-devel@lists.alioth.debian.org>:
Bug#482333; Package net-snmp.


Acknowledgement sent to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to Net-SNMP Packaging Team <pkg-net-snmp-devel@lists.alioth.debian.org>.


Message #10 received at 482333@bugs.debian.org:

From: Nico Golde <nion@debian.org>
To: 482333@bugs.debian.org
Subject: intent to NMU
Date: Sat, 24 May 2008 13:32:58 +0200
Hi,
I intend to upload a 0-day NMU to fix this bug.
Attached is a debdiff for the fix which also includes a fix 
for the same issue in the python module.

It will be also archived on:
http://people.debian.org/~nion/nmu-diff/net-snmp-5.4.1~dfsg-1_5.4.1~dfsg-7.1.patch

Kind regards
Nico
-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[net-snmp-5.4.1~dfsg-1_5.4.1~dfsg-7.1.patch (text/x-diff, attachment)]

Reply sent to Nico Golde <nion@debian.org>:
You have taken responsibility.


Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer.


Message #15 received at 482333-close@bugs.debian.org:

From: Nico Golde <nion@debian.org>
To: 482333-close@bugs.debian.org
Subject: Bug#482333: fixed in net-snmp 5.4.1~dfsg-7.1
Date: Sat, 24 May 2008 14:02:06 +0000
Source: net-snmp
Source-Version: 5.4.1~dfsg-7.1

We believe that the bug you reported is fixed in the latest version of
net-snmp, which is due to be installed in the Debian FTP archive:

libsnmp-base_5.4.1~dfsg-7.1_all.deb
  to pool/main/n/net-snmp/libsnmp-base_5.4.1~dfsg-7.1_all.deb
libsnmp-dev_5.4.1~dfsg-7.1_amd64.deb
  to pool/main/n/net-snmp/libsnmp-dev_5.4.1~dfsg-7.1_amd64.deb
libsnmp-perl_5.4.1~dfsg-7.1_amd64.deb
  to pool/main/n/net-snmp/libsnmp-perl_5.4.1~dfsg-7.1_amd64.deb
libsnmp-python_5.4.1~dfsg-7.1_amd64.deb
  to pool/main/n/net-snmp/libsnmp-python_5.4.1~dfsg-7.1_amd64.deb
libsnmp15_5.4.1~dfsg-7.1_amd64.deb
  to pool/main/n/net-snmp/libsnmp15_5.4.1~dfsg-7.1_amd64.deb
net-snmp_5.4.1~dfsg-7.1.diff.gz
  to pool/main/n/net-snmp/net-snmp_5.4.1~dfsg-7.1.diff.gz
net-snmp_5.4.1~dfsg-7.1.dsc
  to pool/main/n/net-snmp/net-snmp_5.4.1~dfsg-7.1.dsc
snmp_5.4.1~dfsg-7.1_amd64.deb
  to pool/main/n/net-snmp/snmp_5.4.1~dfsg-7.1_amd64.deb
snmpd_5.4.1~dfsg-7.1_amd64.deb
  to pool/main/n/net-snmp/snmpd_5.4.1~dfsg-7.1_amd64.deb
tkmib_5.4.1~dfsg-7.1_all.deb
  to pool/main/n/net-snmp/tkmib_5.4.1~dfsg-7.1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 482333@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <nion@debian.org> (supplier of updated net-snmp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Sat, 24 May 2008 13:12:16 +0200
Source: net-snmp
Binary: snmpd snmp libsnmp-base libsnmp15 libsnmp-dev libsnmp-perl libsnmp-python tkmib
Architecture: source all amd64
Version: 5.4.1~dfsg-7.1
Distribution: unstable
Urgency: high
Maintainer: Net-SNMP Packaging Team <pkg-net-snmp-devel@lists.alioth.debian.org>
Changed-By: Nico Golde <nion@debian.org>
Description: 
 libsnmp-base - SNMP (Simple Network Management Protocol) MIBs and documentation
 libsnmp-dev - SNMP (Simple Network Management Protocol) development files
 libsnmp-perl - SNMP (Simple Network Management Protocol) Perl5 support
 libsnmp-python - SNMP (Simple Network Management Protocol) Python support
 libsnmp15  - SNMP (Simple Network Management Protocol) library
 snmp       - SNMP (Simple Network Management Protocol) applications
 snmpd      - SNMP (Simple Network Management Protocol) agents
 tkmib      - SNMP (Simple Network Management Protocol) MIB browser
Closes: 482333
Changes: 
 net-snmp (5.4.1~dfsg-7.1) unstable; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix buffer overflow in the python and perl module (__snprint_value
     function) that can be exploited via large OCTETSTRING in an
     attribute value pair (AVP) leading to arbitrary code
     execution (CVE-2008-2292; Closes: #482333).





Reply sent to Jochen Friedrich <jochen@scram.de>:
You have taken responsibility.


Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer.


Message #20 received at 482333-close@bugs.debian.org:

From: Jochen Friedrich <jochen@scram.de>
To: 482333-close@bugs.debian.org
Subject: Bug#482333: fixed in net-snmp 5.4.1~dfsg-8
Date: Tue, 03 Jun 2008 14:32:09 +0000
Source: net-snmp
Source-Version: 5.4.1~dfsg-8

We believe that the bug you reported is fixed in the latest version of
net-snmp, which is due to be installed in the Debian FTP archive:

libsnmp-base_5.4.1~dfsg-8_all.deb
  to pool/main/n/net-snmp/libsnmp-base_5.4.1~dfsg-8_all.deb
libsnmp-dev_5.4.1~dfsg-8_sparc.deb
  to pool/main/n/net-snmp/libsnmp-dev_5.4.1~dfsg-8_sparc.deb
libsnmp-perl_5.4.1~dfsg-8_sparc.deb
  to pool/main/n/net-snmp/libsnmp-perl_5.4.1~dfsg-8_sparc.deb
libsnmp-python_5.4.1~dfsg-8_sparc.deb
  to pool/main/n/net-snmp/libsnmp-python_5.4.1~dfsg-8_sparc.deb
libsnmp15_5.4.1~dfsg-8_sparc.deb
  to pool/main/n/net-snmp/libsnmp15_5.4.1~dfsg-8_sparc.deb
net-snmp_5.4.1~dfsg-8.diff.gz
  to pool/main/n/net-snmp/net-snmp_5.4.1~dfsg-8.diff.gz
net-snmp_5.4.1~dfsg-8.dsc
  to pool/main/n/net-snmp/net-snmp_5.4.1~dfsg-8.dsc
snmp_5.4.1~dfsg-8_sparc.deb
  to pool/main/n/net-snmp/snmp_5.4.1~dfsg-8_sparc.deb
snmpd_5.4.1~dfsg-8_sparc.deb
  to pool/main/n/net-snmp/snmpd_5.4.1~dfsg-8_sparc.deb
tkmib_5.4.1~dfsg-8_all.deb
  to pool/main/n/net-snmp/tkmib_5.4.1~dfsg-8_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 482333@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jochen Friedrich <jochen@scram.de> (supplier of updated net-snmp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Tue, 03 Jun 2008 13:06:57 +0200
Source: net-snmp
Binary: snmpd snmp libsnmp-base libsnmp15 libsnmp-dev libsnmp-perl libsnmp-python tkmib
Architecture: source all sparc
Version: 5.4.1~dfsg-8
Distribution: unstable
Urgency: low
Maintainer: Net-SNMP Packaging Team <pkg-net-snmp-devel@lists.alioth.debian.org>
Changed-By: Jochen Friedrich <jochen@scram.de>
Description: 
 libsnmp-base - SNMP (Simple Network Management Protocol) MIBs and documentation
 libsnmp-dev - SNMP (Simple Network Management Protocol) development files
 libsnmp-perl - SNMP (Simple Network Management Protocol) Perl5 support
 libsnmp-python - SNMP (Simple Network Management Protocol) Python support
 libsnmp15  - SNMP (Simple Network Management Protocol) library
 snmp       - SNMP (Simple Network Management Protocol) applications
 snmpd      - SNMP (Simple Network Management Protocol) agents
 tkmib      - SNMP (Simple Network Management Protocol) MIB browser
Closes: 460587 482333 483588
Changes: 
 net-snmp (5.4.1~dfsg-8) unstable; urgency=low
 .
   * NACK NMU as the patch broke perl (Closes: #483588)
   * Really fix CVE-2008-2292 using two upstream patches (Closes: #482333)
   * Update nl translation (Closes: #460587)
   * Update patch for support of long interface names to upstream version





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 02 Jul 2008 07:32:40 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:18:40 2019; Machine Name: buxtehude
