Package: snmpd
Version: 5.2.1.2-2
Severity: serious
Justification: renders software unusable; possible DoS

Hi,

% snmpwalk [...] 10.0.1.2
[...]
IP-MIB::ip.34.1.11.1.4.127.0.0.1 = INTEGER: 2
IP-MIB::ip.34.1.11.2.16.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1 = INTEGER: 2
IP-MIB::ip.34.1.11.2.16.32.1.7.168.24.94.0.1.0.0.0.0.0.0.0.16 = INTEGER: 2
IP-MIB::ip.34.1.11.2.16.254.128.0.0.0.0.0.0.2.0.180.255.254.185.115.222 = INTEGER: 2
IP-MIB::ip.34.1.11.2.16.254.128.0.0.0.0.0.0.2.5.93.255.254.162.102.34 = INTEGER: 2
IP-MIB::ip.35.1.4.1.4.4.10.10.10.1 = Hex-STRING: 00 10 A7 11 F9 3F 

Timeout: No Response from 10.0.1.2

Happens on all my machines, not architecture-specific.


*** glibc detected *** free(): invalid pointer: 0x0000000000649dd8 ***

Program received signal SIGABRT, Aborted.
0x00002aaaab772dd0 in raise () from /lib/libc.so.6
(gdb) bt
#0  0x00002aaaab772dd0 in raise () from /lib/libc.so.6
#1  0x00002aaaab774280 in abort () from /lib/libc.so.6
#2  0x00002aaaab7a853e in __fsetlocking () from /lib/libc.so.6
#3  0x00002aaaab7ae29b in malloc_usable_size () from /lib/libc.so.6
#4  0x00002aaaab7ae57e in free () from /lib/libc.so.6
#5  0x00002aaaab1e7d16 in snmp_free_var (var=0x6764a0) at snmp_api.c:4861
#6  0x00002aaaab1e7dc7 in snmp_free_varbind (var=0x6764a0) at snmp_api.c:4881
#7  0x00002aaaab1e7e31 in snmp_free_pdu (pdu=0x65ac90) at snmp_api.c:4921
#8  0x00002aaaab1e7ba7 in _sess_async_send (sessp=0x62aa60, pdu=0x65ac90, callback=0, cb_data=0x0) at snmp_api.c:4815
#9  0x00002aaaab1e7c0b in snmp_sess_async_send (sessp=0x62aa60, pdu=0x65ac90, callback=0, cb_data=0x0) at snmp_api.c:4833
#10 0x00002aaaab1e70ab in snmp_async_send (session=0x65a520, pdu=0x65ac90, callback=0, cb_data=0x0) at snmp_api.c:4565
#11 0x00002aaaab1e7046 in snmp_send (session=0x65a520, pdu=0x65ac90) at snmp_api.c:4551
#12 0x00002aaaaae4be4c in netsnmp_wrap_up_request (asp=0x677350, status=0) at snmp_agent.c:1627
#13 0x00002aaaaae4f08d in netsnmp_handle_request (asp=0x677350, status=0) at snmp_agent.c:2996
#14 0x00002aaaaae4c48d in handle_snmp_packet (op=1, session=0x65a520, reqid=20857002, pdu=0x65aa70, magic=0x0) at snmp_agent.c:1792
#15 0x00002aaaab1e89f2 in _sess_process_packet (sessp=0x62aa60, sp=0x65a520, isp=0x65a9a0, transport=0x658970, opaque=0x657f90, olength=16, packetptr=0x65dee0 "[EMAIL PROTECTED]>@ยช\002\001", length=66) at snmp_api.c:5213
#16 0x00002aaaab1e9fef in _sess_read (sessp=0x62aa60, fdset=0x7fffffcdf940) at snmp_api.c:5610
#17 0x00002aaaab1ea040 in snmp_sess_read (sessp=0x62aa60, fdset=0x7fffffcdf940) at snmp_api.c:5629
#18 0x00002aaaab1e8b90 in snmp_read (fdset=0x7fffffcdf940) at snmp_api.c:5265
#19 0x00000000004050a8 in receive () at snmpd.c:1149
#20 0x0000000000404615 in main (argc=7, argv=0x7fffffce0ca8) at snmpd.c:993


Looks like the IP-MIB code is at fault here, again. You may need to have IPv6
enabled on your system to reproduce the segfault. This one is so deeply buried
into snmpd that I'm not going to debug it. Spent my Sunday morning fixing the
64bit-specific segfault (321713), that'll be enough for today.

Please forward to upstream ASAP.

JB.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages snmpd depends on:
ii  libc6                         2.3.5-3    GNU C Library: Shared libraries an
ii  libsensors3                   1:2.9.1-5  library to read temperature/voltag
ii  libsnmp5                      5.2.1.2-2  NET SNMP (Simple Network Managemen
ii  libwrap0                      7.6.dbs-8  Wietse Venema's TCP wrappers libra

snmpd recommends no packages.

-- no debconf information
