UbuntuUpdates.org

Package "snmpd"

Name: snmpd

Description:

SNMP (Simple Network Management Protocol) agents

Latest version: 5.7.3+dfsg-1.8ubuntu3.8
Release: bionic (18.04)
Level: updates
Repository: main
Head package: net-snmp
Homepage: http://net-snmp.sourceforge.net/


Other versions of "snmpd" in Bionic

Repository Area Version
base main 5.7.3+dfsg-1.8ubuntu3
security main 5.7.3+dfsg-1.8ubuntu3.8

Changelog

Version: 5.7.3+dfsg-1.8ubuntu3.8 2023-01-09 16:06:36 UTC

  net-snmp (5.7.3+dfsg-1.8ubuntu3.8) bionic-security; urgency=medium

  * SECURITY UPDATE: DoS via null pointer exception issues
    - debian/patches/CVE-2022-4479x-1.patch: disallow SET with NULL varbind
      in agent/snmp_agent.c.
    - debian/patches/CVE-2022-4479x-2.patch: allow SET with NULL varbind
      for testing in apps/snmpset.c.
    - debian/patches/CVE-2022-4479x-3.patch: add test for NULL varbind set
      in testing/fulltests/default/T0142snmpv2csetnull_simple.
    - CVE-2022-44792
    - CVE-2022-44793

 -- Marc Deslauriers <email address hidden> Fri, 06 Jan 2023 11:09:18 -0500

CVE-2022-4479 RESERVED
CVE-2022-44792 handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote
CVE-2022-44793 handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a

Version: 5.7.3+dfsg-1.8ubuntu3.7 2022-08-01 17:07:28 UTC

  net-snmp (5.7.3+dfsg-1.8ubuntu3.7) bionic-security; urgency=medium

  * SECURITY UPDATE: Multiple security issues
    - debian/patches/CVE-2022-248xx-1.patch: fix bounds checking in
      NET-SNMP-AGENT-MIB, NET-SNMP-VACM-MIB, SNMP-VIEW-BASED-ACM-MIB,
      SNMP-USER-BASED-SM-MIB in agent/mibgroup/agent/nsLogging.c,
      agent/mibgroup/agent/nsVacmAccessTable.c,
      agent/mibgroup/mibII/vacm_vars.c, agent/mibgroup/snmpv3/usmUser.
    - debian/patches/CVE-2022-248xx-2.patch: recover SET status from
      delegated request in agent/snmp_agent.c.
    - CVE-2022-24805, CVE-2022-24806, CVE-2022-24807, CVE-2022-24808,
      CVE-2022-24809, CVE-2022-24810

 -- Marc Deslauriers <email address hidden> Mon, 25 Jul 2022 14:23:32 -0400

CVE-2022-24805 A buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause an out-of-bounds memory access
CVE-2022-24806 Improper Input Validation when SETing malformed OIDs in master agent and subagent simultaneously
CVE-2022-24807 A malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access
CVE-2022-24808 A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference
CVE-2022-24809 A malformed OID in a GET-NEXT to the nsVacmAccessTable can cause a NULL pointer dereference
CVE-2022-24810 A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference

Version: 5.7.3+dfsg-1.8ubuntu3.6 2020-09-01 15:06:37 UTC

  net-snmp (5.7.3+dfsg-1.8ubuntu3.6) bionic-security; urgency=medium

  * SECURITY REGRESSION: The update for CVE-2020-15862 making mib extend
    read-only caused nsExtendCacheTime to be not settable anymore (LP: #1892980)
    - debian/patches/CVE-2020-15862-bug1893465.patch: add -cacheTime and
      -execType flags to "extend" config directive in
      agent/mibgroup/agent/extend.c, man/snmpd.conf.5.def.

 -- <email address hidden> (Leonidas S. Barbosa) Fri, 28 Aug 2020 17:14:41 -0300

1892980 NET-SNMP-EXTEND-MIB::nsExtendCacheTime cannot be set anymore
CVE-2020-15862 Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands a

Version: 5.7.3+dfsg-1.8ubuntu3.5 2020-08-24 18:06:38 UTC

  net-snmp (5.7.3+dfsg-1.8ubuntu3.5) bionic-security; urgency=medium

  * SECURITY UPDATE: Elevation of privileges - symlink handling
    - debian/patches/CVE-2020-15861.patch: stop reading and writing
      the mib_indexes files in include/net-snmp/library/mib.h,
      include/net-snmp/library/parse.h, snmplib/mib.c, snmplib/parse.c.
    - CVE-2020-15861
  * SECURITY UPDATE: Elevation of privileges
    - debian/patches/CVE-2020-15862.patch: make the extend mib
      read-only by default in agent/mibgroup/agent/extend.c.
    - CVE-2020-15862

 -- <email address hidden> (Leonidas S. Barbosa) Mon, 17 Aug 2020 16:16:25 -0300

CVE-2020-15861 Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following.
CVE-2020-15862 Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands a

Version: 5.7.3+dfsg-1.8ubuntu3.3 2019-09-12 13:06:36 UTC

  net-snmp (5.7.3+dfsg-1.8ubuntu3.3) bionic; urgency=medium

  * d/p/put-paranthesis-around-macros-which-are-expressions.patch:
    - put parentheses around macros which are expressions.
    (LP: #1843036)

  * d/p/fix-check-hr-filesys-autofs.patch:
    - On Linux getmntent() is available but getfsstat() not.
      Hence remove #if HAVE_GETFSSTAT from around the HRFS_type
      check.

1843036 [regression] SNMP missing disks in hrStorageTable


