Bug 22775 - net-snmp new security issue CVE-2018-1000116
Summary: net-snmp new security issue CVE-2018-1000116
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 6
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA6-64-OK
Keywords: advisory, has_procedure, validated_update
Depends on:
Blocks:
 
Reported: 2018-03-15 14:50 CET by David Walser
Modified: 2020-05-11 15:10 CEST

See Also:
Source RPM: net-snmp-5.7.3-9.mga7.src.rpm
CVE:
Status comment:


Description David Walser 2018-03-15 14:50:57 CET
Fedora has issued an advisory on March 13:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/5OIO2AJDLVDV5CQC774CAF6SNIXBFV6F/

The Red Hat bug links the fix for CVE-2015-5621 (Bug 15712), so I'm guessing it was the wrong link, but hopefully they have a good patch for this in git.

Mageia 5 and Mageia 6 are also affected.
David Walser 2018-03-15 14:51:15 CET

Whiteboard: (none) => MGA6TOO

Comment 1 Marja Van Waes 2018-03-15 18:12:43 CET
Assigning to all packagers collectively, since there is no registered maintainer for this package.

CC'ing some committers.

Assignee: bugsquad => pkg-bugs
CC: (none) => geiger.david68210, guillomovitch, mageia, marja11

Comment 2 David Walser 2018-03-15 20:35:12 CET
It appears to be almost the same patch as before, but it looks like this previously fixed issue got unfixed when we updated to 5.7.3 (for Mageia 6) and removed the patch (so Mageia 5 is actually not affected).

The patch from Fedora will need some rediffing work:
https://src.fedoraproject.org/cgit/rpms/net-snmp.git/plain/net-snmp-5.7.3-CVE-2018-1000116.patch?id=a99b865945555ce6ebd876fdbe0e3802e4fe07e7

Status comment: (none) => Patch available from Fedora (needs rediffed)

Marc Krämer 2018-03-16 00:18:12 CET

Assignee: pkg-bugs => mageia

Comment 3 Marc Krämer 2018-03-16 00:52:44 CET
I've applied the given patch for mga6, and added the patch for cauldron.

Suggested advisory:
========================

Updated net-snmp packages fix security vulnerabilities:

A heap corruption in the snmp_pdu_parse function in snmplib/snmp_api.c was discovered (CVE-2018-1000116).

References:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/5OIO2AJDLVDV5CQC774CAF6SNIXBFV6F/
https://bugzilla.redhat.com/show_bug.cgi?id=1552844
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000116
========================

Updated packages in core/updates_testing:
========================
net-snmp-5.7.3-4.1.mga6
libnet-snmp30-5.7.3-4.1.mga6
libnet-snmp-devel-5.7.3-4.1.mga6
libnet-snmp-static-devel-5.7.3-4.1.mga6
net-snmp-utils-5.7.3-4.1.mga6
net-snmp-tkmib-5.7.3-4.1.mga6
net-snmp-mibs-5.7.3-4.1.mga6
net-snmp-trapd-5.7.3-4.1.mga6
perl-NetSNMP-5.7.3-4.1.mga6
python-netsnmp-5.7.3-4.1.mga6
net-snmp-debuginfo-5.7.3-4.1.mga6

Source RPMs: 
net-snmp-5.7.3-4.1.mga6.src.rpm
Marc Krämer 2018-03-16 00:52:56 CET

Assignee: mageia => qa-bugs

David Walser 2018-03-16 18:26:23 CET

Status comment: Patch available from Fedora (needs rediffed) => (none)
Version: Cauldron => 6
Whiteboard: MGA6TOO => (none)

Comment 4 claire robinson 2018-03-16 19:14:21 CET
Procedure: bug 12236 comment 5

Keywords: (none) => has_procedure

Comment 5 Len Lawrence 2018-03-26 14:37:57 CEST
Covering this one for Mageia 6 - 64 bits.

CC: (none) => tarazed25

Comment 6 Len Lawrence 2018-03-26 15:34:27 CEST
No PoC available for this.

Clean update:
- lib64net-snmp-devel-5.7.3-4.1.mga6.x86_64
- lib64net-snmp-static-devel-5.7.3-4.1.mga6.x86_64
- lib64net-snmp30-5.7.3-4.1.mga6.x86_64
- net-snmp-5.7.3-4.1.mga6.x86_64
- net-snmp-mibs-5.7.3-4.1.mga6.x86_64
- net-snmp-trapd-5.7.3-4.1.mga6.x86_64
- net-snmp-utils-5.7.3-4.1.mga6.x86_64
- perl-NetSNMP-5.7.3-4.1.mga6.x86_64
- python-netsnmp-5.7.3-4.1.mga6.x86_64

https://en.wikipedia.org/wiki/Net-SNMP
Summary of utilities:
encode_keychange 	Produces the KeyChange string for SNMPv3.
snmptranslate 	Translates MIB OID names between numeric and textual forms.
snmpget 	Communicates with a network entity using SNMP GET requests.
snmpgetnext 	Communicates with a network entity using SNMP GETNEXT requests.
snmpbulkget 	Communicates with a network entity using SNMP GETBULK requests.
snmpwalk 	Retrieves a subtree of management values using SNMP GETNEXT requests.
snmpbulkwalk 	Retrieves a subtree of management values using SNMP GETBULK requests.
snmpset 	Communicates with a network entity using SNMP SET requests.
snmptrap 	Sends SNMP TRAP or INFORM notification messages.
snmpd 	An SNMP agent that responds to SNMP requests for a given host.
snmptrapd 	An SNMP daemon that listens for SNMP TRAPs or INFORMs and logs or acts upon them.
snmptest 	Communicates with a network entity using SNMP requests.
mib2c 	A MIB conversion utility that can translate MIB structures into other forms, such as C code.
tkmib 	A Perl/Tk interactive graphical MIB browser for SNMP.

Usage information is displayed when the application name is typed in a terminal.
tkmib is not provided.

$ sudo systemctl start snmpd
$ systemctl status snmpd
● snmpd.service - Simple Network Management Protocol (SNMP) Daemon.
   Loaded: loaded (/usr/lib/systemd/system/snmpd.service; enabled; vendor preset
   Active: active (running) since Mon 2018-03-26 14:15:45 BST; 14s ago
 Main PID: 17476 (snmpd)
   CGroup: /system.slice/snmpd.service
           └─17476 /usr/sbin/snmpd -LS0-4d -f

Referring to the procedure in bug 12236:
$ snmpget -v2c -c public localhost system.sysDescr.0
SNMPv2-MIB::sysDescr.0 = STRING: Linux difda 4.14.25-server-1.mga6 #1 SMP Fri Mar 9 20:08:31 UTC 2018 x86_64

$ snmpwalk -v2c -c public localhost
SNMPv2-MIB::sysDescr.0 = STRING: Linux difda 4.14.25-server-1.mga6 #1 SMP Fri Mar 9 20:08:31 UTC 2018 x86_64
SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (21501) 0:03:35.01
SNMPv2-MIB::sysContact.0 = STRING: Root <root@localhost> (configure /etc/snmp/snmp.local.conf)
SNMPv2-MIB::sysName.0 = STRING: difda
...................
HOST-RESOURCES-MIB::hrSystemUptime.0 = Timeticks: (9000887) 1 day, 1:00:08.87
HOST-RESOURCES-MIB::hrSystemUptime.0 = No more variables left in this MIB View (It is past the end of the MIB tree)

Giving this a clean bill of health.

Whiteboard: (none) => MGA6-64-OK

Comment 7 claire robinson 2018-03-29 17:37:48 CEST
Advisory uploaded. Validating.

CC: (none) => sysadmin-bugs
Keywords: (none) => advisory, validated_update

Comment 8 Mageia Robot 2018-03-29 23:01:19 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0185.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Myung Spencer 2020-05-11 10:53:26 CEST

CC: (none) => gykahuq

