[Pkg-net-snmp-devel] Bug#963713: net-snmp: CVE-2019-20892

Sylvain Beucler beuc at beuc.net
Tue Jul 7 16:44:58 BST 2020


Hi,

On 07/07/2020 17:07, Sylvain Beucler wrote:
> On 06/07/2020 19:11, Sylvain Beucler wrote:
>> Do we have definite info on what versions are affected?
>>
>> I cannot reproduce the issue in jessie/stretch/buster (5.7.x).
>>
>> Incidentally Salvatore's test now yields an error in bullseye
>> (5.8dfsg-3), though I suspect the issue is at the client's level:
>> # snmpbulkget -v3 -Cn1 -Cr1472 -l authPriv -u testuser -a SHA -A
>> testpass -x AES -X testpass 127.0.0.1 1.3.6.1.2.1.1.5 1.3.6.1.2.1.1.7
>> Error in packet.
>> Reason: (genError) A general failure occured
> 
> Bisecting gives a range of ~20 commits where the server is buggy (either
> goes 100% CPU, or rejects the request with "send response: Too long").
> 
> 1a0dbe19bf2787bb5bea913f210a9a5eb4c0c80c
> "new snmp token sendMessageMaxSize"
> works fine.
> 
> 3eb4b473fed816108d1843dadee1ce877415b96b
> "add debug_enable_token_logs debug_disable_token_logs to output_api.h"
> triggers the double-free.
> 
> Anything in-between is random, and includes 2 "getbulk enhancements".
> The date varies greatly so this may be a series of cherry-picks.
> 
> In any case, all of this happens between 5.7.3 and 5.8.pre1.

Restricting further (good..bad):

$ git shortlog 1a0dbe19bf2787bb5bea913f210a9a5eb4c0c80c..e207b8113260fd7d84df0ebdb66925ab70da29b2
Robert Story (2):
      Add VMware copyright
      tweak sndMsgMaxSize handling

VMwareDev Randy (4):
      getbulk enhancements: limit responses gathered
      reduce session msg max sizes to transport max
      getbulk enhancements: response size + fallback to forward encoding
      move v3 engineID probe into initial packet build

Cheers!
Sylvain Beucler
Debian LTS Team


