Bug 1552844 (CVE-2018-1000116)

Summary: CVE-2018-1000116 net-snmp: Heap corruption in snmp_pdu_parse function in snmplib/snmp_api.c
Product: [Other] Security Response Reporter: Pedro Sampaio <psampaio>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: jridky, jsafrane, luigiwalser, thozza, yozone
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
It was discovered that the snmp_pdu_parse() mishandles error codes and is vulnerable to a heap corruption within the parsing of the PDU prior to the authentication process. A remote, unauthenticated attacker could use this flaw to crash snmpd or, potentially, execute arbitrary code on the system with the privileges of the user running snmpd.
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-03-19 23:53:39 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 1552845    
Bug Blocks: 1552846    

Description Pedro Sampaio 2018-03-07 20:41:51 UTC
The version 5.7.2 was vulnerable to a heap corruption within the parsing of the PDU prior to the authentication process.

Upstream issue:


Upstream patch:


Comment 1 Pedro Sampaio 2018-03-07 20:42:38 UTC
Created net-snmp tracking bugs for this issue:

Affects: fedora-all [bug 1552845]

Comment 2 David Walser 2018-03-15 13:49:38 UTC
The "upstream patch" linked in Comment 0 is the same as for Bug 1212408, which was CVE-2015-5621.

Comment 3 Pedro Yóssis Silva Barbosa 2018-03-19 23:53:50 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7
  Red Hat Enterprise Linux 6

Via RHSA-2015:1636: https://access.redhat.com/errata/RHSA-2015:1636

Comment 4 Pedro Yóssis Silva Barbosa 2018-03-19 23:53:58 UTC
External References: