Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 21 Apr 2015 15:10:18 +0800
From: 罗大龙 <luodalongde@...il.com>
To: Raphaël Rigo <ml-oss@...call.eu>, 
	oss-security@...ts.openwall.com
Subject: Re: net-snmp snmp_pdu_parse() function incompletely
 initializaition vulnerability

Detail info:
https://sourceforge.net/p/net-snmp/bugs/2615/

2015-04-21 14:59 GMT+08:00 罗大龙 <luodalongde@...il.com>:

> Hi
>    I using snmp v3 protocol , and these crash info are about client.
>    Net-snmp software had ensure this vulnerability , and I will forward
> the message to you .
>
> 2015-04-20 21:33 GMT+08:00 Raphaël Rigo <ml-oss@...call.eu>:
>
>> Hello,
>>
>> On 13/04/2015 07:44, 罗大龙 wrote:
>> > Greeting! This is Qinghao Tang from QIHU 360  company, China. I am a
>> > security researcher there.
>> >
>> > I'm writing to apply for a CVE ID, for a 0day vulnerability in net-snmp.
>> > Please refer to below report.
>> >
>> Thank you for your report, it is very interesting.
>> I'm currently trying to understand the possible impact in one product we
>> are using. I tried to reproduce the crashed but I could not.
>>
>>
>> Would you mind sharing information regarding how you managed to get
>> those crashes ? :
>>
>> > [crash info from /var/log/messages]
>> >
>> > sprint_realloc_integer
>> >
>> > snmpget:0x290a3
>> >
>> > overview:Feb 22 11:37:48 localhost kernel: snmpget[24260]: segfault at
>> 0 ip
>> > 00007f00cbff20a3 sp 00007fff7bf08620 error 4 in
>> > libnetsnmp.so.30.0.3[7f00cbfc9000+ac000]
>> >
>> [...]
>>
>> Is it using SNMPv3 or v1 ?
>>
>> Or is it in the client ?
>>
>> Regards,
>> Raphaël Rigo
>>
>>
>

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ