Bugzilla – Bug 866942
VUL-0: CVE-2014-2284, CVE-2014-2285: net-snmp: two remote denial of service problems
Last modified: 2018-10-19 18:17:45 UTC

via oss-sec

Date: Wed, 05 Mar 2014 14:07:27 +0530
From: Huzaifa Sidhpurwala <huzaifas@redhat.com>
Subject: [oss-security] CVE request for two net-snmp remote DoS flaws

Hi All,

Two remote denial of service flaws were found in net-snmp, details as below:

1. net-snmp: denial of service flaw in Linux implementation of ICMP-MIB
https://bugzilla.redhat.com/show_bug.cgi?id=1070396
http://sourceforge.net/p/net-snmp/code/ci/a1fd64716f6794c55c34d77e618210238a73bfa1/

2. net-snmp: snmptrapd crash when using a trap with empty community string
https://bugzilla.redhat.com/show_bug.cgi?id=1072778
https://bugzilla.redhat.com/show_bug.cgi?id=1072044
http://sourceforge.net/p/net-snmp/patches/1275/

Can 2 CVEs please be assigned to these issues?

References:
http://comments.gmane.org/gmane.comp.security.oss.general/12284
http://sourceforge.net/p/net-snmp/patches/1275/
https://bugzilla.redhat.com/show_bug.cgi?id=1072778
https://bugzilla.redhat.com/show_bug.cgi?id=1072044
https://bugzilla.redhat.com/show_bug.cgi?id=1070396

(1) only affects the net-snmp 5.5 series ... so it does not affect SLE11. (2) seems to affect SLE11 and potentially older versions.
bugbot adjusting priority

from mitre

> 1. net-snmp: denial of service flaw in Linux implementation of ICMP-MIB
> https://bugzilla.redhat.com/show_bug.cgi?id=1070396
> http://sourceforge.net/p/net-snmp/code/ci/a1fd64716f6794c55c34d77e618210238a73bfa1/

A first look at the patch suggests that it's about missing input validation, and not also about independently exploitable off-by-one errors in the sizes of data structures. In other words, although something like:

- struct icmp_msg_mib vals[255];
+ struct icmp_msg_mib vals[256];

would often be an independent security fix (255 is an unusual size), here it's not a security fix relative to the original code. If other analysis shows that that's incorrect, we'll add another CVE ID.

Use CVE-2014-2284 for the missing input validation.

> 2. net-snmp: snmptrapd crash when using a trap with empty community string
> https://bugzilla.redhat.com/show_bug.cgi?id=1072778
> https://bugzilla.redhat.com/show_bug.cgi?id=1072044
> http://sourceforge.net/p/net-snmp/patches/1275/

Use CVE-2014-2285.

--
CVE assignment team, MITRE CVE Numbering Authority

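Review bot: in the quoted change from vals[255] to vals[256], the array size remains a bare literal, so the bound that the input validation has to enforce is not tied to the declaration. Suggest a named constant shared by the declaration and the index check, and confirm in the full commit that every index into vals is range-checked before use, since the excerpt shows only the resize.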
SLE11 is also affected by (1). The functionality was back-ported in 2008. Patch: Add-ICMP-Statistics-Tables-support.patch

This is an autogenerated message for OBS integration:
This bug (866942) was mentioned in
https://build.opensuse.org/request/show/225494 12.3 / net-snmp
https://build.opensuse.org/request/show/225495 13.1 / net-snmp

The SWAMPID for this issue is 56659. This issue was rated as moderate. Please submit fixed packages by 2014-03-28. When done, please reassign the bug to security-team@suse.de. Patchinfo will be handled by security team.

Affected packages:
SLE-11-SP3: net-snmp
SLE-10-SP3-TERADATA: net-snmp
SLE-11-SP2: net-snmp

Info: The reproducer for issue (2) from rhn#1072044 does not trigger the problem in openSUSE or SLE.

openSUSE-SU-2014:0398-1: An update that fixes two vulnerabilities is now available.
Category: security (moderate)
Bug References: 866942
CVE References: CVE-2014-2284,CVE-2014-2285
Sources used:
openSUSE 13.1 (src): net-snmp-5.7.2-9.4.1
openSUSE 12.3 (src): net-snmp-5.7.2-3.8.1

openSUSE-SU-2014:0399-1: An update that fixes two vulnerabilities is now available.
Category: security (moderate)
Bug References: 866942
CVE References: CVE-2014-2284,CVE-2014-2285
Sources used:
openSUSE 11.4 (src): net-snmp-5.6.1-4.35.1

CVE-2014-2284: ICMP-MIB potential remotely-triggerable denial of service attack
* Only a potential DoS problem. No reproducer.
CVE-2014-2285: snmptrapd crash when using a trap with empty community string
* The reproducer from rh#1072044 was not working for any SLE/openSUSE version.
* The code was just extended with additional tests.

Update released for: net-snmp, net-snmp-devel, perl-SNMP
Products:
SUSE-CORE 9-SP3-TERADATA (x86_64)

Update released for: libsnmp15, net-snmp, net-snmp-debuginfo, net-snmp-debugsource, net-snmp-devel, perl-SNMP, snmp-mibs
Products:
SLE-DEBUGINFO 11-SP1-TERADATA (x86_64)
SLE-SERVER 11-SP1-TERADATA (x86_64)

Update released for: net-snmp, net-snmp-debuginfo, net-snmp-devel, perl-SNMP
Products:
SLE-DEBUGINFO 10-SP3-TERADATA (x86_64)
SLE-SERVER 10-SP3-TERADATA (x86_64)

Update released for: libsnmp15, libsnmp15-32bit, libsnmp15-64bit, libsnmp15-x86, net-snmp, net-snmp-debuginfo, net-snmp-debugsource, net-snmp-devel, perl-SNMP, snmp-mibs
Products:
SLE-DEBUGINFO 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP3 (i386, x86_64)
SLE-SDK 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP3 (i386, x86_64)

Fixed and released. Closing bug.

SUSE-SU-2014:0524-1: An update that fixes two vulnerabilities is now available.
Category: security (moderate)
Bug References: 866942,867349
CVE References: CVE-2014-2284,CVE-2014-2310
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src): net-snmp-5.4.2.1-8.12.20.1
SUSE Linux Enterprise Server 11 SP3 for VMware (src): net-snmp-5.4.2.1-8.12.20.1
SUSE Linux Enterprise Server 11 SP3 (src): net-snmp-5.4.2.1-8.12.20.1
SUSE Linux Enterprise Desktop 11 SP3 (src): net-snmp-5.4.2.1-8.12.20.1

This is an autogenerated message for OBS integration: This bug (866942) was mentioned in https://build.opensuse.org/request/show/234356 Factory / net-snmp
This is an autogenerated message for OBS integration: This bug (866942) was mentioned in https://build.opensuse.org/request/show/234469 Factory / net-snmp