First published: Thu Apr 16 2015(Updated: )
It was discovered that the snmp_pdu_parse() function could leave incompletely parsed varBind variables in the list of variables in case the parsing of the SNMP PDU failed. If later processing tries to operate on the stale and incompletely processed varBind (e.g. when printing the variables), this can lead to e.g. crashes or, possibly, execution of arbitrary code (although I've only seen NULL pointer dereferences during my testing, I currently can't rule out code execution completely).

The snmp_pdu_parse() function stores varBind variables in a list of netsnmp_variable_list structures. Each time the function parses a new varBind, a new netsnmp_variable_list item is allocated on the heap and linked to the list of variables. The problem is that this item is not removed from the list, even if snmp_pdu_parse() fails to complete the parsing. The "type" member of the stale netsnmp_variable_list is not properly initialized in case snmp_pdu_parse() returns early from the parsing. However, the "type" member is used to determine later code paths, which is why we see crashes in a variety of functions, although the root cause for all of these is the same.

References:

Upstream patch: https://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791/
Upstream bug: https://sourceforge.net/p/net-snmp/bugs/2615/ (possibly restricted)
Reporter's mail to oss-security: http://www.openwall.com/lists/oss-security/2015/04/13/1
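The ordering problem described above, as an added example that is not net-snmp's code: a toy varBind-list parser that links each node into the PDU before it is fully parsed and returns early on failure, beside the same loop with the two corrections a fix needs (initialise `type` on allocation, drop the partial list on failure). The tag values are the real BER ones; the one-byte-length wire layout, the function and field names, the poison byte standing in for uninitialised heap memory and the sample packets are all assumptions made for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Real BER tags; wire layout simplified to one-byte lengths. A varBind is
 *   0x30 len | 0x06 oidlen oid... | valtag vallen value...                 */
#define ASN_INTEGER   0x02
#define ASN_OCTET_STR 0x04
#define ASN_NULL      0x05
#define ASN_OBJECT_ID 0x06
#define ASN_SEQUENCE  0x30

typedef struct varbind {
    struct varbind *next;
    unsigned char   oid[16];
    size_t          oid_len;
    unsigned char   type;    /* the member snmp_pdu_parse() left stale */
    unsigned char  *val;     /* NULL until the value has been parsed */
    size_t          val_len;
} varbind;

typedef struct { varbind *variables; } pdu_t;

/* Stand-in for whatever malloc() leaves in fresh memory: a fixed poison byte
 * makes the "never initialised" field observable and the run deterministic. */
#define STALE_BYTE 0xA5
static varbind *stale_alloc(void) {
    varbind *vp = malloc(sizeof *vp);
    if (vp) memset(vp, STALE_BYTE, sizeof *vp);
    return vp;
}

static void free_varbinds(varbind *vp) {
    while (vp) { varbind *n = vp->next; free(vp->val); free(vp); vp = n; }
}

static size_t count_varbinds(const pdu_t *pdu) {
    size_t n = 0;
    for (const varbind *vp = pdu->variables; vp; vp = vp->next) n++;
    return n;
}

/* Parses "tag len" at p and checks that len bytes of content fit before end.
 * Returns a pointer to the content, or NULL on a wrong tag or truncation. */
static const unsigned char *tlv(const unsigned char *p, const unsigned char *end,
                                unsigned char tag, size_t *len) {
    if (end - p < 2 || p[0] != tag) return NULL;
    *len = p[1];
    if ((size_t)(end - p - 2) < *len) return NULL;
    return p + 2;
}

/* hardened == 0 reproduces the bug: a node is linked into pdu->variables before
 * it is fully parsed and failure returns at once, leaving it behind with type
 * untouched. hardened == 1 initialises type and discards the partial list. */
static int parse_varbinds(pdu_t *pdu, const unsigned char *p, size_t n, int hardened) {
    const unsigned char *end = p + n;
    varbind **tail = &pdu->variables;
    pdu->variables = NULL;
    while (p < end) {
        size_t vb_len, oid_len, val_len;
        const unsigned char *vb, *oid, *val, *data;
        varbind *vp = stale_alloc();
        if (!vp) goto fail;
        vp->next = NULL;
        vp->val = NULL;
        if (hardened) vp->type = ASN_NULL;      /* fix 1: type is never left unset */
        *tail = vp;                             /* linked before parsing completes */
        tail = &vp->next;

        if (!(vb = tlv(p, end, ASN_SEQUENCE, &vb_len))) goto fail;
        if (!(oid = tlv(vb, vb + vb_len, ASN_OBJECT_ID, &oid_len))) goto fail;
        if (oid_len > sizeof vp->oid) goto fail;
        memcpy(vp->oid, oid, oid_len);
        vp->oid_len = oid_len;

        val = oid + oid_len;
        if (vb + vb_len - val < 2) goto fail;   /* value missing: early return, type stale */
        if (!(data = tlv(val, vb + vb_len, val[0], &val_len))) goto fail;
        if (!(vp->val = malloc(val_len ? val_len : 1))) goto fail;
        memcpy(vp->val, data, val_len);
        vp->val_len = val_len;
        vp->type = val[0];                      /* only now is type meaningful */
        p = vb + vb_len;
    }
    return 0;
fail:
    if (hardened) {                             /* fix 2: no stale node survives failure */
        free_varbinds(pdu->variables);
        pdu->variables = NULL;
    }
    return -1;
}

/* Consumer modelled on the "print the variables" path: it branches on type and
 * trusts the value behind it. Returns the number of varBinds interpreted, or -1
 * on a type it does not know (where real code has already dereferenced junk). */
static int walk_varbinds(const pdu_t *pdu) {
    int n = 0;
    for (const varbind *vp = pdu->variables; vp; vp = vp->next, n++) {
        switch (vp->type) {
        case ASN_INTEGER:   if (!vp->val || vp->val_len != 1) return -1; break;
        case ASN_OCTET_STR: if (!vp->val) return -1; break;
        case ASN_NULL:      break;
        default:            return -1;
        }
    }
    return n;
}

/* Constructed sample packets, not captured traffic. */
static const unsigned char sample_good[] = {
    0x30,0x08, 0x06,0x03,0x2b,0x06,0x01, 0x02,0x01,0x2a,             /* 1.3.6.1 = INTEGER 42 */
    0x30,0x0a, 0x06,0x04,0x2b,0x06,0x01,0x02, 0x04,0x02,0x68,0x69    /* 1.3.6.1.2 = "hi"     */
};
static const unsigned char sample_truncated[] = {                    /* second value cut off */
    0x30,0x08, 0x06,0x03,0x2b,0x06,0x01, 0x02,0x01,0x2a,
    0x30,0x05, 0x06,0x03,0x2b,0x06,0x01
};

int main(void) {
    pdu_t pdu;
    int rc = parse_varbinds(&pdu, sample_truncated, sizeof sample_truncated, 0);
    printf("vulnerable: rc=%d, %zu varBinds left, walk=%d\n", rc, count_varbinds(&pdu), walk_varbinds(&pdu));
    free_varbinds(pdu.variables);
    rc = parse_varbinds(&pdu, sample_truncated, sizeof sample_truncated, 1);
    printf("hardened:   rc=%d, %zu varBinds left\n", rc, count_varbinds(&pdu));
    return 0;
}
```

On the truncated packet both variants report failure, but the vulnerable one leaves two nodes linked, the second with `type` still equal to the poison byte, and the walker takes the unknown-type branch on it; the hardened variant leaves an empty list, so nothing downstream can touch a half-built varBind.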
Affected Software | Affected Version | How to fix |
---|---|---|
CentOS Net-SNMP Agent Libraries | | |
The severity of REDHAT-BUG-1212408 is categorized as moderate: a malformed PDU leaves a stale, partially parsed varBind in the variable list, which causes crashes (NULL pointer dereferences were observed) and possibly arbitrary code execution, which the reporter could not rule out.
To fix REDHAT-BUG-1212408, update to a version of Net-SNMP that includes the upstream patch referenced above (commit f23bcd3ac6ddee5d0a48f9703007ccc738914791).
REDHAT-BUG-1212408 affects the Net-SNMP library, specifically the snmp_pdu_parse() function within it.
REDHAT-BUG-1212408 can lead to crashes (denial of service), and possibly code execution, when later processing such as printing the variables operates on the stale and incompletely parsed varBind.
Any application that receives and parses SNMP PDUs with the Net-SNMP library may be affected by REDHAT-BUG-1212408.