Public bug reported: Overview: When snmpd is configured to show a limited view of oids using VACM, it is possible to cause snmpd to hang by performing an snmpwalk.
Tested on 5.7.2~dfsg-8.1ubuntu3.2 on Mint 17.1 (aka Ubuntu 14.04) and 5.7.3+dfsg-1ubuntu4 on Ubuntu 16.04.3 Steps to reproduce: Use VACM to restrict the OIDs that a user has access to as follows: (I'll attach a full snmpd.conf below) view limited_vw included .1.3.6.1.2.1.1 view limited_vw included .1.3.6.1.2.1.2 view limited_vw included .1.3.6.1.2.1.4.31 Perform an snmpwalk NOT using bulk walk Expected result; A listing of the contents of those three OID trees Actual result; snmpwalk will list all the OIDs up to iso.3.6.1.2.1.2.2.1.22 and then hang. All subsequent attempts to query any SNMP will time out. SNMPD has to be restarted before it will respond again. There doesn't seem to be anything useful in the logs. Mitigation: If the user is also allowed to browse two more OIDs the problem goes away: view limited_vw included .1.3.6.1.2.1.1 view limited_vw included .1.3.6.1.2.1.2 # Necessary OIDs view limited_vw included .1.3.6.1.2.1.4.1 view limited_vw included .1.3.6.1.2.1.4.25 # view limited_vw included .1.3.6.1.2.1.4.31 Or, only query the host using snmpbulkwalk. ** Affects: net-snmp (Ubuntu) Importance: Undecided Status: New ** Attachment added: "Example config that will trigger the bug" https://bugs.launchpad.net/bugs/1742671/+attachment/5035050/+files/example_snmpd.conf ** Summary changed: - SNMPD hangs when a client browses a restriced OID + SNMPD hangs when a client browses a restricted OID -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1742671 Title: SNMPD hangs when a client browses a restricted OID To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/net-snmp/+bug/1742671/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs