
net-snmp

Tracker: Bugs

5 snmpd crash on tcp disconnect [CVE-2005-4837] - ID: 1207023
Last Update: Comment added ( nobody )

snmpd in master agentx mode crashed when the subagent closed the
TCP connection.

The TCP connection close routine malfunctions
(at line 5446 in snmp_api.c).
It raises SIGSEGV.

5367    if (transport->flags & NETSNMP_TRANSPORT_FLAG_STREAM) {
...
5389            newbuf =
5390                (u_char *) realloc(isp->packet,
5391                                   isp->packet_len + rxbuf_len);
...
5398            isp->packet = newbuf;
5399            isp->packet_size = isp->packet_len + rxbuf_len;
5400            rxbuf = isp->packet + isp->packet_len;
        }
...
5432    if (length <= 0 && transport->flags & NETSNMP_TRANSPORT_FLAG_STREAM) {
...
5446        SNMP_FREE(rxbuf);
...
        }

Line 5446 must free not rxbuf but isp->packet.
< SNMP_FREE(rxbuf);
------------------
> SNMP_FREE(isp->packet);
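Review bot: at line 5446 the replacement frees isp->packet, but in the lines shown isp->packet_len and isp->packet_size keep their old values and rxbuf still holds isp->packet + isp->packet_len, which now points into the freed block. Suggest zeroing both length fields and clearing rxbuf right after the free, so nothing later on this disconnect path reads or frees stale state.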


Nobody/Anonymous ( nobody ) - 2005-05-23 12:05

5

Closed

Fixed

Robert Story

None

None

Public
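
The ownership rule behind this report, as an added example that is not net-snmp code and not part of the original ticket: a stream reassembly buffer whose write position is an interior pointer, released through its base pointer when the peer disconnects. The names stream_sess, stream_reserve, stream_close and demo_disconnect are hypothetical; only the field names follow the excerpt.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the session state in the report; only the
 * field names (packet, packet_len, packet_size) follow the excerpt. */
struct stream_sess {
    unsigned char *packet;   /* base of the heap allocation */
    size_t packet_len;       /* bytes already buffered */
    size_t packet_size;      /* bytes allocated */
};

/* Grow the buffer and return the write position for the next read. The
 * result is an interior pointer whenever packet_len > 0: never free() it. */
static unsigned char *stream_reserve(struct stream_sess *s, size_t rxbuf_len) {
    unsigned char *newbuf = realloc(s->packet, s->packet_len + rxbuf_len);
    if (newbuf == NULL)
        return NULL;         /* the old buffer is still owned by s */
    s->packet = newbuf;
    s->packet_size = s->packet_len + rxbuf_len;
    return s->packet + s->packet_len;
}

/* Disconnect path (read length <= 0): release through the base pointer
 * and reset the bookkeeping so no stale length survives the free. */
static void stream_close(struct stream_sess *s) {
    free(s->packet);         /* free(rxbuf) here would be an invalid free */
    s->packet = NULL;
    s->packet_len = s->packet_size = 0;
}

/* Constructed scenario: 10 bytes of a partial message are buffered, then
 * the peer disconnects. Returns rxbuf's offset inside the allocation. */
static size_t demo_disconnect(struct stream_sess *s) {
    unsigned char *rxbuf = stream_reserve(s, 16);
    if (rxbuf == NULL)
        return (size_t)-1;
    memset(rxbuf, 0xA5, 10);
    s->packet_len += 10;
    rxbuf = stream_reserve(s, 16);   /* second read: rxbuf != s->packet */
    if (rxbuf == NULL) { stream_close(s); return (size_t)-1; }
    size_t offset = (size_t)(rxbuf - s->packet);
    stream_close(s);
    return offset;
}

int main(void) {
    struct stream_sess s = {0};
    return demo_disconnect(&s) == 10 ? 0 : 1;
}
```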


Comments ( 4 )

Date: 2007-07-16 01:58
Sender: nobody

Logged In: NO



Date: 2007-04-11 09:28
Sender: dts12 (Project Admin)


Also included in 5.0.10.2 and above.
See SVN revision 12483


Date: 2007-04-11 09:28
Sender: tanders


The fix was also applied to the 5.0.x line, and included in release
5.0.10.2 and above.
See SVN revision 12483.


Date: 2005-06-09 21:46
Sender: rstory (Project Admin)

Logged In: YES
user_id=76148

Thanks for the bug report and patch. This has been fixed for
future releases 5.3, 5.2.2 and 5.1.3.


Attached File

No Files Currently Attached

Changes ( 8 )

Field          Old Value                                      Date              By
summary        snmpd crash on tcp disconnect                  2007-04-11 09:36  tanders
summary        snmpd crash on tcp disconnect [CVE-2005-4837]  2007-04-11 09:28  dts12
summary        snmpd crash on tcp disconnect                  2007-04-11 09:28  tanders
summary        [v5.2.1] snmpd crashed at master agentx        2005-06-09 21:46  rstory
status_id      Open                                           2005-06-09 21:46  rstory
close_date     -                                              2005-06-09 21:46  rstory
resolution_id  None                                           2005-06-09 21:46  rstory
assigned_to    nobody                                         2005-06-09 21:46  rstory