Bug 30697 - net-snmp new security issues CVE-2022-2480[5-9] and CVE-2022-24810
Summary: net-snmp new security issues CVE-2022-2480[5-9] and CVE-2022-24810
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 8
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2022-08-03 00:53 CEST by David Walser
Modified: 2022-08-29 07:09 CEST (History)
5 users (show)

See Also:
Source RPM: net-snmp-5.9-1.mga8.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2022-08-03 00:53:39 CEST 
Ubuntu has issued an advisory on August 1:
https://ubuntu.com/security/notices/USN-5543-1

The issues are fixed upstream in 5.9.2.

Mageia 8 is also affected.
David Walser 2022-08-03 00:53:49 CEST

Status comment: (none) => Fixed upstream in 5.9.2
Whiteboard: (none) => MGA8TOO

Comment 1 Lewis Smith 2022-08-03 21:39:04 CEST 
Another which has to be assigned globally.

Assignee: bugsquad => pkg-bugs

Comment 2 David Walser 2022-08-09 17:22:00 CEST 
Fedora has issued an advisory for this today (August 9):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/

They updated to 5.9.3.
Comment 3 David Walser 2022-08-17 18:39:38 CEST 
Debian has issued an advisory for this on August 16:
https://www.debian.org/security/2022/dsa-5209
Comment 4 Nicolas Salguero 2022-08-22 17:58:11 CEST 
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

A buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause an out-of-bounds memory access. (CVE-2022-24805)

Buffer overflow and out of bounds memory access. (CVE-2022-24806)

A malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access. (CVE-2022-24807)

A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference. (CVE-2022-24808)

A malformed OID in a GET-NEXT to the nsVacmAccessTable can cause a NULL pointer dereference. (CVE-2022-24809)

A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference. (CVE-2022-24810)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24805
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24806
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24807
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24808
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24809
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24810
https://ubuntu.com/security/notices/USN-5543-1
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/
https://www.debian.org/security/2022/dsa-5209
========================

Updated packages in core/updates_testing:
========================
lib(64)net-snmp40-5.9-1.1.mga8
lib(64)net-snmp-devel-5.9-1.1.mga8
net-snmp-5.9-1.1.mga8
net-snmp-mibs-5.9-1.1.mga8
net-snmp-tkmib-5.9-1.1.mga8
net-snmp-trapd-5.9-1.1.mga8
net-snmp-utils-5.9-1.1.mga8
perl-NetSNMP-5.9-1.1.mga8
python3-netsnmp-5.9-1.1.mga8

from SRPM:
net-snmp-5.9-1.1.mga8.src.rpm

Source RPM: net-snmp-5.9.1-6.mga9.src.rpm => net-snmp-5.9-1.mga8.src.rpm
Assignee: pkg-bugs => qa-bugs
Status: NEW => ASSIGNED
Whiteboard: MGA8TOO => (none)
Version: Cauldron => 8
CC: (none) => nicolas.salguero
Status comment: Fixed upstream in 5.9.2 => (none)

Comment 5 Herman Viaene 2022-08-26 11:00:31 CEST 
MGA8-64 Plasma on Acer Aspire 5253
No installation issues
Ref bug 22775 for testing
# systemctl start snmpd
# systemctl -l status snmpd
● snmpd.service - Simple Network Management Protocol (SNMP) Daemon.
     Loaded: loaded (/usr/lib/systemd/system/snmpd.service; disabled; vendor preset: disabled)
     Active: active (running) since Fri 2022-08-26 10:54:59 CEST; 15s ago
   Main PID: 13581 (snmpd)
      Tasks: 1 (limit: 4364)
     Memory: 3.5M
        CPU: 189ms
     CGroup: /system.slice/snmpd.service
             └─13581 /usr/sbin/snmpd -LS0-4d -f

Aug 26 10:54:58 mach7.hviaene.thuis systemd[1]: Starting Simple Network Management Protocol (SNMP) Daemon....
Aug 26 10:54:59 mach7.hviaene.thuis systemd[1]: Started Simple Network Management Protocol (SNMP) Daemon..


$ snmpget -v2c -c public localhost system.sysDescr.0
SNMPv2-MIB::sysDescr.0 = STRING: Linux mach7.hviaene.thuis 5.15.62-server-1.mga8 #1 SMP Sun Aug 21 17:26:50 UTC 2022 x86_64
[tester8@mach7 ~]$ snmpwalk -v2c -c public localhost
SNMPv2-MIB::sysDescr.0 = STRING: Linux mach7.hviaene.thuis 5.15.62-server-1.mga8 #1 SMP Sun Aug 21 17:26:50 UTC 2022 x86_64
SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (7535) 0:01:15.35
SNMPv2-MIB::sysContact.0 = STRING: Root <root@localhost> (configure /etc/snmp/snmp.local.conf)
SNMPv2-MIB::sysName.0 = STRING: mach7.hviaene.thuis
SNMPv2-MIB::sysLocation.0 = STRING: Unknown (edit /etc/snmp/snmpd.conf)
SNMPv2-MIB::sysORLastChange.0 = Timeticks: (6) 0:00:00.06
SNMPv2-MIB::sysORID.1 = OID: SNMP-FRAMEWORK-MIB::snmpFrameworkMIBCompliance
SNMPv2-MIB::sysORID.2 = OID: SNMP-MPD-MIB::snmpMPDCompliance
SNMPv2-MIB::sysORID.3 = OID: SNMP-USER-BASED-SM-MIB::usmMIBCompliance
SNMPv2-MIB::sysORID.4 = OID: SNMPv2-MIB::snmpMIB
SNMPv2-MIB::sysORID.5 = OID: SNMP-VIEW-BASED-ACM-MIB::vacmBasicGroup
SNMPv2-MIB::sysORID.6 = OID: TCP-MIB::tcpMIB
SNMPv2-MIB::sysORID.7 = OID: UDP-MIB::udpMIB
SNMPv2-MIB::sysORID.8 = OID: IP-MIB::ip
SNMPv2-MIB::sysORID.9 = OID: SNMP-NOTIFICATION-MIB::snmpNotifyFullCompliance
SNMPv2-MIB::sysORID.10 = OID: NOTIFICATION-LOG-MIB::notificationLogMIB
SNMPv2-MIB::sysORDescr.1 = STRING: The SNMP Management Architecture MIB.
SNMPv2-MIB::sysORDescr.2 = STRING: The MIB for Message Processing and Dispatching.
SNMPv2-MIB::sysORDescr.3 = STRING: The management information definitions for the SNMP User-based Security Model.
SNMPv2-MIB::sysORDescr.4 = STRING: The MIB module for SNMPv2 entities
SNMPv2-MIB::sysORDescr.5 = STRING: View-based Access Control Model for SNMP.
SNMPv2-MIB::sysORDescr.6 = STRING: The MIB module for managing TCP implementations
SNMPv2-MIB::sysORDescr.7 = STRING: The MIB module for managing UDP implementations
SNMPv2-MIB::sysORDescr.8 = STRING: The MIB module for managing IP and ICMP implementations
SNMPv2-MIB::sysORDescr.9 = STRING: The MIB modules for managing SNMP Notification, plus filtering.
SNMPv2-MIB::sysORDescr.10 = STRING: The MIB module for logging SNMP Notifications.
SNMPv2-MIB::sysORUpTime.1 = Timeticks: (5) 0:00:00.05
SNMPv2-MIB::sysORUpTime.2 = Timeticks: (5) 0:00:00.05
SNMPv2-MIB::sysORUpTime.3 = Timeticks: (5) 0:00:00.05
SNMPv2-MIB::sysORUpTime.4 = Timeticks: (5) 0:00:00.05
SNMPv2-MIB::sysORUpTime.5 = Timeticks: (5) 0:00:00.05
SNMPv2-MIB::sysORUpTime.6 = Timeticks: (5) 0:00:00.05
SNMPv2-MIB::sysORUpTime.7 = Timeticks: (5) 0:00:00.05
SNMPv2-MIB::sysORUpTime.8 = Timeticks: (5) 0:00:00.05
SNMPv2-MIB::sysORUpTime.9 = Timeticks: (6) 0:00:00.06
SNMPv2-MIB::sysORUpTime.10 = Timeticks: (6) 0:00:00.06
HOST-RESOURCES-MIB::hrSystemUptime.0 = Timeticks: (298094) 0:49:40.94
HOST-RESOURCES-MIB::hrSystemUptime.0 = No more variables left in this MIB View (It is past the end of the MIB tree)

Looks similar to refered bug 22775, thus OK'ing.

CC: (none) => herman.viaene
Whiteboard: (none) => MGA8-64-OK

Comment 6 Thomas Andrews 2022-08-26 14:08:59 CEST 
Validating. Advisory in Comment 4.

CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

Dave Hodgins 2022-08-28 23:51:21 CEST

CC: (none) => davidwhodgins
Keywords: (none) => advisory

Comment 7 Mageia Robot 2022-08-29 07:09:04 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0311.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED
Note You need to log in before you can comment on or make changes to this bug.