Package: rancid
Version: 2.3.2-1.1
Severity: normal
Tags: patch
CatOS pads the output of SNMP community names in show running-config with
multiple spaces, but the regex for stripping the community names out
only matches on one.
The attached patch fixes this information disclosure problem and has
been forwarded to upstream maintainers already.
-- System Information:
Debian Release: 5.0.4
APT prefers stable
APT policy: (800, 'stable'), (400, 'testing'), (99, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.18-6-xen-686 (SMP w/2 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages rancid depends on:
ii adduser 3.110 add and remove users and groups
ii cvs 1:1.12.13-12 Concurrent Versions System
ii debconf [debconf-2.0] 1.5.24 Debian configuration management sy
ii expect 5.43.0-17 A program that can automate intera
ii iputils-ping [ping] 3:20071127-1 Tools to test the reachability of
ii libc6 2.7-18lenny2 GNU C Library: Shared libraries
ii openssh-client 1:5.1p1-5 secure shell client, an rlogin/rsh
ii passwd 1:4.1.1-6+lenny1 change and administer password and
ii perl 5.10.0-19lenny2 Larry Wall's Practical Extraction
ii ssh 1:5.1p1-5 secure shell client and server (me
ii subversion 1.5.1dfsg1-4 Advanced version control system
rancid recommends no packages.
Versions of packages rancid suggests:
ii diffstat 1.45-2 produces graph of changes introduc
-- debconf information:
* rancid/warning:
* rancid/go_on: true
--- cat5rancid.orig 2010-04-26 11:22:15.000000000 +0800
+++ cat5rancid 2010-04-26 11:22:28.000000000 +0800
@@ -1000,7 +1000,7 @@
}
next;
}
- if (/^(set snmp community) (\S+) (\S+)/) {
+ if (/^(set snmp community) (\S+)\s+(\S+)/) {
if ($filter_commstr) {
ProcessHistory("SNMPSERVERCOMM","keysort","$_","!$1 $2
<removed>\n");
} else {
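Review bot: on the changed `if (/^(set snmp community) (\S+)\s+(\S+)/)` line, only the separator before the community string is relaxed to `\s+`; the separator between `community` and the access type is still a single literal space. Going by the report, a line that fails this match is not stripped, so any spacing variation in that first gap would let the community string through with filtering enabled. Consider using `\s+` in both positions, and add a short comment above the `if` recording that CatOS pads this line, so the looser match is not tightened again later. Since this is the line that decides whether a secret is written to the repository, a test input with padded `set snmp community` lines would be worth adding alongside the fix.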