[Pkg-net-snmp-devel] Bug#684388: agentx: Oversized Object ID
Simon Paillard
spaillard at debian.org
Thu Mar 6 13:43:34 UTC 2014
Hi,
On Thu, Aug 09, 2012 at 01:32:37PM +0200, Vincent Bernat wrote:
> Package: libsnmp15
> Version: 5.4.3~dfsg-2.5
> Severity: important
> Tags: upstream patch
>
> AgentX support is ineffective when a manager requests unrelated OID in
> the same GET request. snmpd will send those unrelated variables into
> the same PDU to the subagent and the subagent will choke with:
>
> agentx: Oversized Object ID
[..]
> First three OID contain 11 subid while the next one has 12
> subid. snmpd will try several time to communicate those OID to the
> subagent and will give up. A manager requesting always the same OID
> will never get an answer.
>
> The bug is fixed upstream in 5.4.4. I attach the revelant patch
> extracted from the git repository. I think it may warrant a freeze
> exception. The bug is 100% reproducible on my platform.
I've been hitten by the very same bug, which is blocking, and may be even -in
my opinion- a security bug.
As the bugfix is already present in testing, would you consider an upload to
stable-proposed-updates ?
http://sources.debian.net/src/net-snmp/5.7.2~dfsg-8.1/agent/mibgroup/agentx/protocol.c#L1774
I can take care of the upload if necessary.
Thanks and best regards.
--
Simon Paillard
More information about the Pkg-net-snmp-devel
mailing list