Public bug reported:

Overview:
When snmpd is configured to show a limited view of OIDs using VACM, it is 
possible to cause snmpd to hang by performing an snmpwalk.

Tested on 5.7.2~dfsg-8.1ubuntu3.2 on Mint 17.1 (aka Ubuntu 14.04) and
5.7.3+dfsg-1ubuntu4 on Ubuntu 16.04.3

Steps to reproduce:
Use VACM to restrict the OIDs that a user has access to as follows: (I'll 
attach a full snmpd.conf below)
view limited_vw included .1.3.6.1.2.1.1
view limited_vw included .1.3.6.1.2.1.2
view limited_vw included .1.3.6.1.2.1.4.31

Perform an snmpwalk NOT using bulk walk

Expected result: A listing of the contents of those three OID trees

Actual result: snmpwalk will list all the OIDs up to
iso.3.6.1.2.1.2.2.1.22 and then hang.

All subsequent attempts to query any SNMP will time out. SNMPD has to be
restarted before it will respond again. There doesn't seem to be
anything useful in the logs.


Mitigation:
If the user is also allowed to browse two more OIDs the problem goes away:
view limited_vw included .1.3.6.1.2.1.1
view limited_vw included .1.3.6.1.2.1.2
# Necessary OIDs
view limited_vw included .1.3.6.1.2.1.4.1
view limited_vw included .1.3.6.1.2.1.4.25
#
view limited_vw included .1.3.6.1.2.1.4.31

Or, only query the host using snmpbulkwalk.

** Affects: net-snmp (Ubuntu)
     Importance: Undecided
         Status: New

** Attachment added: "Example config that will trigger the bug"
   https://bugs.launchpad.net/bugs/1742671/+attachment/5035050/+files/example_snmpd.conf

** Summary changed:

- SNMPD hangs when a client browses a restriced OID
+ SNMPD hangs when a client browses a restricted OID

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1742671

Title:
  SNMPD hangs when a client browses a restricted OID
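
Added example, not part of the original report or of net-snmp: a small checker that reads snmpd.conf text and flags any view that includes .1.3.6.1.2.1.4.31 without also covering the two subtrees the reporter's mitigation adds. It assumes numeric OIDs, ignores view masks and "excluded" lines, and all function and constant names are hypothetical.

```python
# Added example: flag snmpd.conf views matching the layout from this report.
# Heuristic based only on the reporter's observation; not net-snmp's own logic.
TRIGGER = (1, 3, 6, 1, 2, 1, 4, 31)
NEEDED = [(1, 3, 6, 1, 2, 1, 4, 1), (1, 3, 6, 1, 2, 1, 4, 25)]

# Constructed samples, copied from the two view layouts quoted in the report.
SAMPLE_TRIGGER = """\
view limited_vw included .1.3.6.1.2.1.1
view limited_vw included .1.3.6.1.2.1.2
view limited_vw included .1.3.6.1.2.1.4.31
"""
SAMPLE_MITIGATED = SAMPLE_TRIGGER + """\
# Necessary OIDs
view limited_vw included .1.3.6.1.2.1.4.1
view limited_vw included .1.3.6.1.2.1.4.25
"""

def parse_oid(text):
    """Turn '.1.3.6.1' or '1.3.6.1' into a tuple of ints."""
    return tuple(int(p) for p in text.strip(".").split("."))

def included_subtrees(conf_text):
    """Map view name -> list of included subtrees (numeric OIDs only)."""
    views = {}
    for raw in conf_text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments
        if len(fields) < 4 or fields[0] != "view" or fields[2] != "included":
            continue
        try:
            views.setdefault(fields[1], []).append(parse_oid(fields[3]))
        except ValueError:
            continue  # symbolic OID names are out of scope for this sketch
    return views

def covers(subtrees, oid):
    """True if any included subtree is a prefix of oid."""
    return any(oid[:len(s)] == s for s in subtrees)

def risky_views(conf_text):
    """Views exposing the trigger subtree without both workaround subtrees."""
    result = {}
    for name, subtrees in included_subtrees(conf_text).items():
        if not covers(subtrees, TRIGGER):
            continue
        missing = [n for n in NEEDED if not covers(subtrees, n)]
        if missing:
            result[name] = ["." + ".".join(map(str, m)) for m in missing]
    return result
```

Run risky_views() over the text of /etc/snmp/snmpd.conf; an empty dict means no view matches the layout described in the report.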
