This bug was fixed in the package net-snmp - 5.8+dfsg-2ubuntu3
---
net-snmp (5.8+dfsg-2ubuntu3) groovy; urgency=medium
* SECURITY UPDATE: Fix segmentation fault that happens when using the
snmpv3 protocol with snmpbulkget. (LP: #1877027)
- d/p/move-securityStateRef-into-free
This bug was fixed in the package net-snmp - 5.8+dfsg-2ubuntu2.1
---
net-snmp (5.8+dfsg-2ubuntu2.1) focal-security; urgency=medium
* SECURITY UPDATE: Fix segmentation fault that happens when using the
snmpv3 protocol with snmpbulkget. (LP: #1877027)
- d/p/move-securityStateR
FYI, this was assigned CVE-2019-20892.
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-20892
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1877027
Title:
SNMP stopped running all
Andreas, agreed, I think (speaking from the Ubuntu Security Team's
perspective), this should go to focal-security.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1877027
Title:
SNMP stopped running
@security team, this looks like a remote DoS that can be triggered by
authenticated users
** Information type changed from Public to Public Security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/18770
** Description changed:
+ [Impact]
+
+ When the user requests a bulkget operation using the snmpv3 protocol,
+ and this operation errors out, snmpd will experience a double free error
+ and will abort. This will obviously be very annoying to the user,
+ because from the client side it is not pos
** Merge proposal linked:
https://code.launchpad.net/~sergiodj/ubuntu/+source/net-snmp/+git/net-snmp/+merge/386283
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1877027
Title:
SNMP stopped runn
** Merge proposal linked:
https://code.launchpad.net/~sergiodj/ubuntu/+source/net-snmp/+git/net-snmp/+merge/386281
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1877027
Title:
SNMP stopped runn
** Also affects: net-snmp (Ubuntu Groovy)
Importance: High
Assignee: Sergio Durigan Junior (sergiodj)
Status: Triaged
** Also affects: net-snmp (Ubuntu Focal)
Importance: Undecided
Status: New
** Changed in: net-snmp (Ubuntu Focal)
Status: New => Confirmed
** Chan
On Tuesday, June 23 2020, Ken Mix wrote:
> Hello,
>
> Running the reproducer with the build from your PPA now just shows a
> "genError" error instead of crashing the service:
>
> $ sudo snmpbulkget -v3 -Cn0 -Cr50 -l authPriv -u testuser -a SHA -A -x
> DES -X 127.0.0.1 iso.3.6.1.2.1.4.22.1.4
> E
Hello,
Running the reproducer with the build from your PPA now just shows a
"genError" error instead of crashing the service:
$ sudo snmpbulkget -v3 -Cn0 -Cr50 -l authPriv -u testuser -a SHA -A -x
DES -X 127.0.0.1 iso.3.6.1.2.1.4.22.1.4
Error in packet.
Reason: (genError) A general failure occ
On Tuesday, June 23 2020, ankur wrote:
> Any update on this bug? we are still waiting for the fix.
Yes, I think I finally have found the right patches to backport in order
to solve the segfault.
Before I go ahead with the merge proposal, I'd like to ask you to give
it a try with this PPA:
htt
Any update on this bug? we are still waiting for the fix.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1877027
Title:
SNMP stopped running all of sudden (snmpd 5.8+dfsg-2)
To manage notifications
** Changed in: net-snmp (Ubuntu)
Assignee: (unassigned) => Sergio Durigan Junior (sergiodj)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1877027
Title:
SNMP stopped running all of sudden (snm
I can reliably reproduce this on my 20.04 (vmWare 6.7 amd64 guest)
systems running the following:
sudo snmpbulkget -v3 -Cn0 -Cr50 -l authPriv -u testuser -a SHA -A
-x DES -X 127.0.0.1 iso.3.6.1.2.1.4.22.1.4
A gdb backtrace looks like the following:
double free or corruption (fasttop)
Program
By when ubuntu will officially release a Debian package with this fix ?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1877027
Title:
SNMP stopped running all of sudden (snmpd 5.8+dfsg-2)
To manage
Thanks for following up and for linking to the upstream work. To recap:
Upstream bug: https://sourceforge.net/p/net-snmp/bugs/2923/
Upstream patch: https://sourceforge.net/p/net-snmp/patches/1388/
The patch has been applied upstream [1] to the V5-8-patches branch as
commit
adc9b71aba9168ec641493
** Changed in: net-snmp (Ubuntu)
Status: Incomplete => Triaged
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1877027
Title:
SNMP stopped running all of sudden (snmpd 5.8+dfsg-2)
To manage n
Hi
Updated the bug, please have a look.
Regards
Ankur kulhar
On Thu, May 7, 2020 at 10:11 PM Paride Legovini <
paride.legov...@canonical.com> wrote:
> Thank you for taking the time to report this bug and helping to make
> Ubuntu better.
>
> There isn't really enough information here for a develo
net-snmp has given a patch in https://sourceforge.net/p/net-
snmp/bugs/2923/
Is there any plan to release a new veersion of SNMP?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1877027
Title:
SNMP
@Paride Legovini (legovini)
This issue is super easy to reproduce, you can take any ubuntu version
including ubuntu 20.04 with snmpd 5.8+dfsg-2, configure snmpv3 and run
following command
snmpbulkget -v3 -Cn1 -Cr1472 -l authPriv -u testuser -a SHA -A -x
AES -X 127.0.0.1 1.3.6.1.2.1.1.5 1.3.6.1.
Thank you for taking the time to report this bug and helping to make
Ubuntu better.
There isn't really enough information here for a developer to confirm
this issue is a bug, or to begin working on it, so I am marking this bug
Incomplete for now.
If you can provide exact steps so that a developer
snmpd 5.8+dfsg-2 "double free or corruption"
openat(AT_FDCWD, "/proc/net/ipv6_route", O_RDONLY) = 14
fstat(14, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
read(14, "fe80"..., 1024) = 900
read(14, "", 1024) = 0
close(14) = 0
clock_gettime(CLOCK_MONOTONIC, {501384, 83923
23 matches
Mail list logo