CLD-318 Details

Other IDs this deficiency may be known by:

CVE ID CVE-2018-1000116 (nvd) (mitre) (debian) (archlinux) (red hat) (suse) (ubuntu)
Other ID(s)

Basic Information:

Affected Package(s) net-snmp
Deficiency Type SECURITY
Date Created 2018-03-07 13:32:41
Date Last Modified 2018-03-07 15:13:54

Version Specific Information:

Cucumber 1.0 i686 fixed in net-snmp-5.7.3-i686-2
Cucumber 1.0 x86_64 fixed in net-snmp-5.7.3-x86_64-2 and net-snmp-lib_i686-5.7.3-lib_i686-2

Cucumber 1.1 i686 fixed in net-snmp-5.7.3-i686-3
Cucumber 1.1 x86_64 fixed in net-snmp-5.7.3-x86_64-3 and net-snmp-lib_i686-5.7.3-lib_i686-3

Details:

=================================== Overview ===================================

NET-SNMP version 5.7.2 contains a heap corruption vulnerability in the UDP
protocol handler that can result in command execution. 

================================ Initial Report ================================

From https://sourceforge.net/p/net-snmp/bugs/2821/:

NET-SNMP is a service listening on a UDP port which provides useful information
to administrators related to the network, the CPU activity or the memory
currently used. It is usually polled in order to perform various sanity checks
using home made scripts. Access to this service is restricted using a community
secret (v1 and v2c of the protocol) or a more complex authentication process
(v3).

The version 5.7.2 was vulnerable to a heap corruption within the parsing of the
PDU prior to the authentication process.

Details given in the attached document

https://sourceforge.net/p/net-snmp/bugs/2821/attachment/SNMP_SecurityIssue.docx

================================= Our Analysis =================================

----- Affected Products -----
Net-snmp version 5.7.3 (as originally packaged in Cucumber Linux) is vulnerable
to this. This includes the original version of net-snmp in Cucumber Linux 1.0
and 1.1.

----- Scope and Impact of this Vulnerability -----
Allows for remote code execution.

----- Fix for this Vulnerability -----
Fixed in
https://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791/tree/snmplib/snmp_api.c?diff=dba5362b9fc262d66e4dcc9de2a9d4e84a900a92

================================= Our Solution =================================

We have applied a modified version of the aforementioned patch and rebuilt. The
modified patch can be found at:
http://mirror.cucumberlinux.com/cucumber/cucumber-1.1/source/net-general/net-snmp/patches/00020_CVE-2018-1000116_f23bcd3ac6ddee5d0a48f9703007ccc738914791.patch
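
To check a host against the fixed builds listed under Version Specific Information, the following is an added example (not part of the Cucumber Linux tracker or its tooling). The function name netsnmp_fix_status is hypothetical, and it assumes package strings follow the name-version-arch-build form used in this advisory.

```shell
#!/bin/sh
# Added example, not Cucumber Linux project code.
# Assumption: package strings look like net-snmp-5.7.3-x86_64-2
# (name-version-arch-build), the form this advisory uses.

# netsnmp_fix_status RELEASE PACKAGE   (hypothetical helper)
# Prints fixed, vulnerable or unknown for CLD-318 / CVE-2018-1000116.
netsnmp_fix_status() {
    release=$1
    pkg=$2

    # Split from the right: the package name itself contains hyphens.
    build=${pkg##*-}; rest=${pkg%-*}
    rest=${rest%-*}                      # drop the arch field
    version=${rest##*-}; name=${rest%-*}

    # First build that carries the patch, per Version Specific Information.
    case $release in
        1.0) fixed_build=2 ;;
        1.1) fixed_build=3 ;;
        *)   echo unknown; return 0 ;;
    esac

    # Only net-snmp and its 32-bit multilib companion are listed.
    case $name in
        net-snmp|net-snmp-lib_i686) ;;
        *) echo unknown; return 0 ;;
    esac

    # The advisory only covers 5.7.3 builds; do not guess for other versions.
    [ "$version" = "5.7.3" ] || { echo unknown; return 0; }

    # A build field that is not a plain integer cannot be compared.
    case $build in
        ''|*[!0-9]*) echo unknown; return 0 ;;
    esac

    if [ "$build" -ge "$fixed_build" ]; then
        echo fixed
    else
        echo vulnerable
    fi
}
```

On Cucumber 1.0/1.1 x86_64, run it for both the net-snmp and net-snmp-lib_i686 packages, since each has its own fixed build.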