Thanks Alex & Niels ! I could generate patch and use it. How to we test this fix ? does net-snmp has some security test suites to be used ?
Sampath On Tue, Sep 1, 2015 at 1:06 AM, Alexander Bergmann <abergm...@suse.com> wrote: > Hi Sampath, > > you need to have 'V5-7-patches' as a local branch. Otherwise you're > getting an error message. > > Just do a 'git checkout V5-7-patches' once and it should work. > > Regards, > Alex~ > > On Mon, Aug 31, 2015 at 11:22:35AM -0700, Sampathkumar Santhanakrishnan wrote: >> Hi Alex, >> Thanks for sharing this info. I tried to get the diff and it >> complains about "V5-7-patches". >> >> git diff v5.7.1 V5-7-patches snmplib/snmp_api.c > fix-5.7.1.patch >> fatal: ambiguous argument 'V5-7-patches': unknown revision or path not >> in the working tree. >> Use '--' to separate paths from revisions >> >> git branch >> * master >> >> Thanks & Regards, >> Sampath >> >> On Fri, Aug 28, 2015 at 5:41 AM, Alexander Bergmann <abergm...@suse.com> >> wrote: >> > Hi Sampathkumar, >> > >> > you can use git to get you a patch diff for this fix. >> > >> > Just clone the repo and run the following command. >> > >> > #> git diff v5.7.1 V5-7-patches snmplib/snmp_api.c > fix-5.7.1.patch >> > >> > Then edit the file and delete everything execpt of changes inside the >> > snmp_pdu_parse() function. Double check with the original fix and you >> > are done. >> > >> > Hope that helps, >> > Alex~ >> > >> > On Thu, Aug 27, 2015 at 12:25:41AM -0700, Sampathkumar Santhanakrishnan >> > wrote: >> >> Hello, >> >> I am looking for net-snmp 5.7.1 based patch for CVE-2015-5621 >> >> >> >> "The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and >> >> earlier does not remove the varBind variable in a >> >> netsnmp_variable_list item when parsing of the SNMP PDU fails, which >> >> allows remote attackers to cause a denial of service (crash) and >> >> possibly execute arbitrary code via a crafted packet." >> >> >> >> Can someone help on this ? >> >> >> >> Thanks & Regards, >> >> Sampajtj >> >> >> >> ------------------------------------------------------------------------------ >> >> _______________________________________________ >> >> Net-snmp-coders mailing list >> >> Net-snmp-coders@lists.sourceforge.net >> >> https://lists.sourceforge.net/lists/listinfo/net-snmp-coders >> >> >> > >> > -- >> > Alexander Bergmann <abergm...@suse.com>, Security Engineer, >> > SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Dilip Upmanyu, >> > Graham Norton, HRB 21284 (AG Nürnberg) >> > > -- > Alexander Bergmann <abergm...@suse.com>, Security Engineer, > SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Dilip Upmanyu, > Graham Norton, HRB 21284 (AG Nürnberg) ------------------------------------------------------------------------------ Monitor Your Dynamic Infrastructure at Any Scale With Datadog! Get real-time metrics from all of your servers, apps and tools in one place. SourceForge users - Click here to start your Free Trial of Datadog now! http://pubads.g.doubleclick.net/gampad/clk?id=241902991&iu=/4140 _______________________________________________ Net-snmp-coders mailing list Net-snmp-coders@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
