CVE-2012-2141

Related Vulnerabilities: CVE-2012-2141  

Debian Bug report logs - #672492
CVE-2012-2141


Reported by: Moritz Muehlenhoff <muehlenhoff@univention.de>

Date: Fri, 11 May 2012 14:21:01 UTC

Severity: grave

Tags: security

Found in version 5.4.3~dfsg-2.4

Fixed in version net-snmp/5.4.3~dfsg-2.5

Done: Luk Claes <luk@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Net-SNMP Packaging Team <pkg-net-snmp-devel@lists.alioth.debian.org>:
Bug#672492; Package net-snmp. (Fri, 11 May 2012 14:21:04 GMT)


Acknowledgement sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Net-SNMP Packaging Team <pkg-net-snmp-devel@lists.alioth.debian.org>. (Fri, 11 May 2012 14:21:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <muehlenhoff@univention.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2012-2141
Date: Fri, 11 May 2012 16:19:58 +0200
Package: net-snmp
Severity: grave
Tags: security

Please see https://bugzilla.redhat.com/show_bug.cgi?id=815813 for details and
a proposed patch.

Cheers,
        Moritz




Information forwarded to debian-bugs-dist@lists.debian.org, Net-SNMP Packaging Team <pkg-net-snmp-devel@lists.alioth.debian.org>:
Bug#672492; Package net-snmp. (Wed, 23 May 2012 16:57:04 GMT)


Acknowledgement sent to Marc Deslauriers <marc.deslauriers@ubuntu.com>:
Extra info received and forwarded to list. Copy sent to Net-SNMP Packaging Team <pkg-net-snmp-devel@lists.alioth.debian.org>. (Wed, 23 May 2012 16:57:04 GMT)


Message #10 received at 672492@bugs.debian.org:

From: Marc Deslauriers <marc.deslauriers@ubuntu.com>
To: Debian Bug Tracking System <672492@bugs.debian.org>
Subject: Re: CVE-2012-2141
Date: Wed, 23 May 2012 12:55:20 -0400
Package: net-snmp
Version: 5.4.3~dfsg-2.4
Followup-For: Bug #672492
User: ubuntu-devel@lists.ubuntu.com
Usertags: origin-ubuntu quantal ubuntu-patch



*** /tmp/tmp7KXNLG/bug_body
In Ubuntu, the attached patch was applied to achieve the following:

  * SECURITY UPDATE: denial of service via SNMP GET with non-existent
    extension table entry
    - debian/patches/CVE-2012-2141.patch: validate line_idx in
      agent/mibgroup/agent/extend.c.
    - CVE-2012-2141


Thanks for considering the patch.


-- System Information:
Debian Release: wheezy/sid
  APT prefers precise-updates
  APT policy: (500, 'precise-updates'), (500, 'precise-security'), (500, 'precise-proposed'), (500, 'precise')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-24-generic (SMP w/4 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
[net-snmp_5.4.3~dfsg-2.4ubuntu2.debdiff (text/x-diff, attachment)]

Reply sent to Luk Claes <luk@debian.org>:
You have taken responsibility. (Sun, 27 May 2012 16:57:25 GMT)


Notification sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
Bug acknowledged by developer. (Sun, 27 May 2012 16:57:25 GMT)


Message #15 received at 672492-close@bugs.debian.org:

From: Luk Claes <luk@debian.org>
To: 672492-close@bugs.debian.org
Subject: Bug#672492: fixed in net-snmp 5.4.3~dfsg-2.5
Date: Sun, 27 May 2012 16:55:48 +0000
Source: net-snmp
Source-Version: 5.4.3~dfsg-2.5

We believe that the bug you reported is fixed in the latest version of
net-snmp, which is due to be installed in the Debian FTP archive:

libsnmp-base_5.4.3~dfsg-2.5_all.deb
  to main/n/net-snmp/libsnmp-base_5.4.3~dfsg-2.5_all.deb
libsnmp-dev_5.4.3~dfsg-2.5_i386.deb
  to main/n/net-snmp/libsnmp-dev_5.4.3~dfsg-2.5_i386.deb
libsnmp-perl_5.4.3~dfsg-2.5_i386.deb
  to main/n/net-snmp/libsnmp-perl_5.4.3~dfsg-2.5_i386.deb
libsnmp-python_5.4.3~dfsg-2.5_i386.deb
  to main/n/net-snmp/libsnmp-python_5.4.3~dfsg-2.5_i386.deb
libsnmp15-dbg_5.4.3~dfsg-2.5_i386.deb
  to main/n/net-snmp/libsnmp15-dbg_5.4.3~dfsg-2.5_i386.deb
libsnmp15_5.4.3~dfsg-2.5_i386.deb
  to main/n/net-snmp/libsnmp15_5.4.3~dfsg-2.5_i386.deb
net-snmp_5.4.3~dfsg-2.5.debian.tar.gz
  to main/n/net-snmp/net-snmp_5.4.3~dfsg-2.5.debian.tar.gz
net-snmp_5.4.3~dfsg-2.5.dsc
  to main/n/net-snmp/net-snmp_5.4.3~dfsg-2.5.dsc
snmp_5.4.3~dfsg-2.5_i386.deb
  to main/n/net-snmp/snmp_5.4.3~dfsg-2.5_i386.deb
snmpd_5.4.3~dfsg-2.5_i386.deb
  to main/n/net-snmp/snmpd_5.4.3~dfsg-2.5_i386.deb
tkmib_5.4.3~dfsg-2.5_all.deb
  to main/n/net-snmp/tkmib_5.4.3~dfsg-2.5_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 672492@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Luk Claes <luk@debian.org> (supplier of updated net-snmp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 27 May 2012 17:22:01 +0200
Source: net-snmp
Binary: snmpd snmp libsnmp-base libsnmp15 libsnmp15-dbg libsnmp-dev libsnmp-perl libsnmp-python tkmib
Architecture: source i386 all
Version: 5.4.3~dfsg-2.5
Distribution: unstable
Urgency: medium
Maintainer: Net-SNMP Packaging Team <pkg-net-snmp-devel@lists.alioth.debian.org>
Changed-By: Luk Claes <luk@debian.org>
Description: 
 libsnmp-base - SNMP (Simple Network Management Protocol) MIBs and documentation
 libsnmp-dev - SNMP (Simple Network Management Protocol) development files
 libsnmp-perl - SNMP (Simple Network Management Protocol) Perl5 support
 libsnmp-python - SNMP (Simple Network Management Protocol) Python support
 libsnmp15  - SNMP (Simple Network Management Protocol) library
 libsnmp15-dbg - SNMP (Simple Network Management Protocol) library debug
 snmp       - SNMP (Simple Network Management Protocol) applications
 snmpd      - SNMP (Simple Network Management Protocol) agents
 tkmib      - SNMP (Simple Network Management Protocol) MIB browser
Closes: 609430 626312 633166 634735 654166 657519 661252 672492
Changes: 
 net-snmp (5.4.3~dfsg-2.5) unstable; urgency=medium
 .
   * Non-maintainer upload by the Security Team.
   * Fix CVE-2012-2141 by using Ubuntu's patch (Closes: #672492).
   * Do not ship *.la files (Closes: #633166).
   * Enable hardened build flags and fix missing format strings
     (Closes: #657519).
   * Source debconf before doing work in postinst (Closes: #626312).
   * Fix check for existing snmp group in postinst (Closes: #609430).
   * Use *-any architecture qualifiers (Closes: #634735).
   * Add Indonesian debconf translation (Closes: #654166).
   * Add Polish debconf translation (Closes: #661252).

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAk/CVnQACgkQ5UTeB5t8Mo2czACfaY9JTfElihX93iG9exMZZ+G8
aFQAoIu8VcrwjgjsHvHnUFEP+U+yNwDa
=P/rb
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 25 Jun 2012 07:45:05 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 14:40:18 2019; Machine Name: buxtehude
