oss-sec mailing list archives
Re: net-snmp snmp_pdu_parse() function incompletely initializaition vulnerability
From: 罗大龙 <luodalongde () gmail com>
Date: Tue, 21 Apr 2015 15:10:18 +0800
Detail info: https://sourceforge.net/p/net-snmp/bugs/2615/ 2015-04-21 14:59 GMT+08:00 罗大龙 <luodalongde () gmail com>:
Hi I using snmp v3 protocol , and these crash info are about client. Net-snmp software had ensure this vulnerability , and I will forward the message to you . 2015-04-20 21:33 GMT+08:00 Raphaël Rigo <ml-oss () syscall eu>:Hello, On 13/04/2015 07:44, 罗大龙 wrote:Greeting! This is Qinghao Tang from QIHU 360 company, China. I am a security researcher there. I'm writing to apply for a CVE ID, for a 0day vulnerability in net-snmp. Please refer to below report.Thank you for your report, it is very interesting. I'm currently trying to understand the possible impact in one product we are using. I tried to reproduce the crashed but I could not. Would you mind sharing information regarding how you managed to get those crashes ? :[crash info from /var/log/messages] sprint_realloc_integer snmpget:0x290a3 overview:Feb 22 11:37:48 localhost kernel: snmpget[24260]: segfault at0 ip00007f00cbff20a3 sp 00007fff7bf08620 error 4 in libnetsnmp.so.30.0.3[7f00cbfc9000+ac000][...] Is it using SNMPv3 or v1 ? Or is it in the client ? Regards, Raphaël Rigo
Current thread:
- net-snmp snmp_pdu_parse() function incompletely initializaition vulnerability 罗大龙 (Apr 12)
- Re: net-snmp snmp_pdu_parse() function incompletely initializaition vulnerability Stefan Cornelius (Apr 16)
- Re: net-snmp snmp_pdu_parse() function incompletely initializaition vulnerability Salvatore Bonaccorso (May 10)
- Message not available
- Message not available
- Re: net-snmp snmp_pdu_parse() function incompletely initializaition vulnerability 罗大龙 (Apr 21)
- Message not available
- Re: net-snmp snmp_pdu_parse() function incompletely initializaition vulnerability Stefan Cornelius (Apr 16)