Bug 12236 - net-snmp new security issue CVE-2012-6151
Summary: net-snmp new security issue CVE-2012-6151
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 3
Hardware: i586 Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/579462/
Whiteboard: has_procedure advisory mga3-64-ok mga...
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2014-01-07 23:23 CET by David Walser
Modified: 2014-01-21 17:39 CET (History)
3 users (show)

See Also:
Source RPM: net-snmp-5.7.2-12.mga4.src.rpm
CVE:
Status comment:


Attachments

Description David Walser 2014-01-07 23:23:18 CET
Fedora has issued an advisory on December 5:
https://lists.fedoraproject.org/pipermail/package-announce/2014-January/125828.html

I've added patches in SVN to fix that, as well as a couple of other minor bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=895357
https://bugzilla.redhat.com/show_bug.cgi?id=965348

I've requested a freeze push for Cauldron.  The patches are in Mageia 3 SVN also.

Reproducible: 

Steps to Reproduce:
David Walser 2014-01-07 23:23:30 CET

Whiteboard: (none) => MGA3TOO

Comment 1 David Walser 2014-01-09 17:00:15 CET
net-snmp-5.7.2-13.mga4 uploaded for Cauldron.

Philippe, there's a Python issue building this in Mageia 3:
http://pkgsubmit.mageia.org/uploads/failure/3/core/updates_testing/20140109150915.luigiwalser.valstar.2925/log/net-snmp-5.7.2-7.1.mga3/build.0.20140109151006.log

CC: (none) => makowski.mageia
Version: Cauldron => 3
Whiteboard: MGA3TOO => (none)

Comment 2 Philippe Makowski 2014-01-09 20:58:21 CET
Python issue building net-snmp-5.7.2-7.1.mga3 is fixed
http://pkgsubmit.mageia.org/uploads/done/3/core/updates_testing/20140109193545.philippem.valstar.10577
Comment 3 David Walser 2014-01-09 21:09:30 CET
Thanks Philippe!

Advisory:
========================

Updated net-snmp packages fix security vulnerability:

Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and
processing GETNEXT requests, allows remote attackers to cause a denial of
service (crash or infinite loop, CPU consumption, and hang) by causing the
AgentX subagent to timeout (CVE-2012-6151).

This update also fixes two other minor issues: IPADDRESS size in
python-netsnmp on 64-bit systems and adding btrfs support to hrFSTable.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6151
https://lists.fedoraproject.org/pipermail/package-announce/2014-January/125828.html
https://lists.fedoraproject.org/pipermail/package-announce/2013-January/097794.html
https://lists.fedoraproject.org/pipermail/package-announce/2013-January/097794.html
========================

Updated packages in core/updates_testing:
========================
net-snmp-5.7.2-7.1.mga3
libnet-snmp30-5.7.2-7.1.mga3
libnet-snmp-devel-5.7.2-7.1.mga3
libnet-snmp-static-devel-5.7.2-7.1.mga3
net-snmp-utils-5.7.2-7.1.mga3
net-snmp-tkmib-5.7.2-7.1.mga3
net-snmp-mibs-5.7.2-7.1.mga3
net-snmp-trapd-5.7.2-7.1.mga3
perl-NetSNMP-5.7.2-7.1.mga3
python-netsnmp-5.7.2-7.1.mga3

from net-snmp-5.7.2-7.1.mga3.src.rpm

Assignee: bugsquad => qa-bugs

Comment 4 claire robinson 2014-01-21 13:00:41 CET
Procedure in bug 6076

# service snmpd start
# snmpget -c public localhost system.sysDescr.0
Comment 5 claire robinson 2014-01-21 16:27:22 CET
Testing complete mga3 64

Not familiar with this at all, but the PoC doesn't cause a crash in default setup.
http://sourceforge.net/p/net-snmp/bugs/2411/

The command from comment 4 gives an error which appears to complain of missing authentication which from a bit of googling appears to be compulsory with v3 so forcing an earlier version v2c and testing as below..

# service snmpd start

$ snmpget -v2c -c public localhost system.sysDescr.0
SNMPv2-MIB::sysDescr.0 = STRING: Linux mega 3.10.24-server-2.mga3 #1 SMP Fri Dec 13 20:43:17 UTC 2013 x86_64

$ snmpwalk -v2c -c public localhost

Shows a list of 'stuff'

Whiteboard: (none) => has_procedure mga3-64-ok

Comment 6 claire robinson 2014-01-21 16:36:03 CET
Testing complete mga3 32

Whiteboard: has_procedure mga3-64-ok => has_procedure mga3-64-ok mga3-32-ok

Comment 7 claire robinson 2014-01-21 16:40:04 CET
Advisory uploaded. Validating

Could sysadmin please push from 3 core/updates_testing to updates

Thanks

Keywords: (none) => validated_update
Whiteboard: has_procedure mga3-64-ok mga3-32-ok => has_procedure advisory mga3-64-ok mga3-32-ok
CC: (none) => sysadmin-bugs

Comment 8 Thomas Backlund 2014-01-21 17:39:38 CET
Update pushed:
http://advisories.mageia.org/MGASA-2014-0019.html

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED


Note You need to log in before you can comment on or make changes to this bug.