| 2021-01-19 19:09:25 |
Graham Leggett |
bug |
|
|
added bug |
| 2021-01-20 22:27:30 |
Sergio Durigan Junior |
affects |
nagios-plugins (Ubuntu) |
net-snmp (Ubuntu) |
|
| 2021-01-20 22:27:40 |
Sergio Durigan Junior |
bug |
|
|
added subscriber Sergio Durigan Junior |
| 2021-01-20 22:32:15 |
Sergio Durigan Junior |
bug |
|
|
added subscriber Ubuntu Server |
| 2021-01-21 14:19:03 |
Paride Legovini |
bug watch added |
|
https://github.com/net-snmp/net-snmp/issues/233 |
|
| 2021-01-21 14:19:03 |
Paride Legovini |
bug task added |
|
netsnmp |
|
| 2021-01-21 14:50:39 |
Paride Legovini |
net-snmp (Ubuntu): status |
New |
Triaged |
|
| 2021-01-21 16:58:27 |
Bug Watch Updater |
netsnmp: status |
Unknown |
New |
|
| 2021-01-22 12:51:44 |
Paride Legovini |
nominated for series |
|
Ubuntu Focal |
|
| 2021-01-22 12:51:44 |
Paride Legovini |
bug task added |
|
net-snmp (Ubuntu Focal) |
|
| 2021-01-22 12:51:54 |
Paride Legovini |
net-snmp (Ubuntu Focal): status |
New |
Invalid |
|
| 2021-01-22 18:37:10 |
Bug Watch Updater |
netsnmp: status |
New |
Fix Released |
|
| 2021-05-25 21:26:20 |
Sergio Durigan Junior |
net-snmp (Ubuntu): assignee |
|
Sergio Durigan Junior (sergiodj) |
|
| 2021-05-25 21:26:24 |
Sergio Durigan Junior |
net-snmp (Ubuntu): importance |
Undecided |
Medium |
|
| 2021-05-25 21:35:07 |
Sergio Durigan Junior |
nominated for series |
|
Ubuntu Impish |
|
| 2021-05-25 21:35:07 |
Sergio Durigan Junior |
bug task added |
|
net-snmp (Ubuntu Impish) |
|
| 2021-05-25 21:35:07 |
Sergio Durigan Junior |
nominated for series |
|
Ubuntu Hirsute |
|
| 2021-05-25 21:35:07 |
Sergio Durigan Junior |
bug task added |
|
net-snmp (Ubuntu Hirsute) |
|
| 2021-05-25 21:35:14 |
Sergio Durigan Junior |
net-snmp (Ubuntu Hirsute): assignee |
|
Sergio Durigan Junior (sergiodj) |
|
| 2021-05-25 21:35:19 |
Sergio Durigan Junior |
net-snmp (Ubuntu Hirsute): status |
New |
Triaged |
|
| 2021-05-25 21:35:21 |
Sergio Durigan Junior |
net-snmp (Ubuntu Hirsute): importance |
Undecided |
Medium |
|
| 2021-05-25 23:55:35 |
Sergio Durigan Junior |
description |
When net-snmp is given a certificate with an extension that is longer than 512 characters, snmp crashes on startup.
Steps to Reproduce:
1. Configure net-snmp using an EV certificate from a CA (in this case Globalsign).
2. Start snmpd.
3.
Actual results:
[root@localhost tls]# systemctl status snmpd.service
● snmpd.service - Simple Network Management Protocol (SNMP) Daemon.
Loaded: loaded (/usr/lib/systemd/system/snmpd.service; disabled; vendor preset: disabled)
Active: failed (Result: core-dump) since Wed 2020-12-16 21:21:59 SAST; 16min ago
Process: 53269 ExecStart=/usr/sbin/snmpd $OPTIONS -f (code=dumped, signal=SEGV)
Main PID: 53269 (code=dumped, signal=SEGV)
Dec 16 21:21:57 localhost systemd[1]: Starting Simple Network Management Protocol (SNMP) Daemon....
Dec 16 21:21:58 localhost snmpd[53269]: refusing to read world readable or writable key /etc/snmp/tls/certs/snmpd.crt
Dec 16 21:21:58 localhost snmpd[53269]: not enough space or error in allocation for extenstion
Dec 16 21:21:59 localhost systemd[1]: snmpd.service: Main process exited, code=dumped, status=11/SEGV
Dec 16 21:21:59 localhost systemd[1]: snmpd.service: Failed with result 'core-dump'.
Dec 16 21:21:59 localhost systemd[1]: Failed to start Simple Network Management Protocol (SNMP) Daemon..
Expected results:
Deamon starts without a crash.
Additional info:
Fix available here:
https://github.com/net-snmp/net-snmp/pull/234 |
[ Impact ]
Users can experience a segmentation fault on snmpd (part of net-snmp) when using a certificate that contains an extension longer than 512 bytes and debug output (-D) is enabled. Although this only happens when debugging, it seems to be pretty common to find certificates whose extensions are larger than 512 bytes.
[ Test Case ]
Below you can find a step-by-step procedure to reproduce the bug. Bear in mind that the "sed" command may be mangled due to Launchpad's text renderization.
$ lxc launch images:ubuntu/hirsute net-snmp-bug1912389
$ lxc shell net-snmp-bug1912389
# apt update && apt install net-snmp -y
# sed -i "s@^#\s*nsCertType.*@nsCertType = client,email,objsign@; s@^#\s*nsCaRevocationUrl.*@nsCaRevocationUrl = http://www.myverylongurl$(printf '%*s' 512 | tr ' ' 'a').com/ca-crl.pem@; s@^#\s*extendedKeyUsage.*@extendedKeyUsage = critical,timeStamping,serverAuth,clientAuth,codeSigning,emailProtection@; s@^#\s*keyUsage.*@keyUsage = nonRepudiation,digitalSignature,keyEncipherment@" /etc/ssl/openssl.cnf
# openssl req -x509 -out localhost.crt -keyout localhost.key -newkey rsa:2048 -nodes -sha256 -extensions usr_cert -subj '/CN=localhost' -config /etc/ssl/openssl.cnf
# mkdir -p $HOME/.snmp/tls/certs
# cp localhost.crt $HOME/.snmp/tls/certs
# systemctl stop snmpd.service
# snmpd -DALL
...
not enough space or error in allocation for extenstion
Segmentation fault (core dumped)
#
[ Where problems could occur ]
The backported patches are very straightforward and only impact code that is run when debug (-D) is active. There is not much room for regression here, especially considering that this is a very recent version of the package that will very likely not be affected by newer rebuilds.
[ Original Description ]
When net-snmp is given a certificate with an extension that is longer than 512 characters, snmp crashes on startup.
Steps to Reproduce:
1. Configure net-snmp using an EV certificate from a CA (in this case Globalsign).
2. Start snmpd.
3.
Actual results:
[root@localhost tls]# systemctl status snmpd.service
● snmpd.service - Simple Network Management Protocol (SNMP) Daemon.
Loaded: loaded (/usr/lib/systemd/system/snmpd.service; disabled; vendor preset: disabled)
Active: failed (Result: core-dump) since Wed 2020-12-16 21:21:59 SAST; 16min ago
Process: 53269 ExecStart=/usr/sbin/snmpd $OPTIONS -f (code=dumped, signal=SEGV)
Main PID: 53269 (code=dumped, signal=SEGV)
Dec 16 21:21:57 localhost systemd[1]: Starting Simple Network Management Protocol (SNMP) Daemon....
Dec 16 21:21:58 localhost snmpd[53269]: refusing to read world readable or writable key /etc/snmp/tls/certs/snmpd.crt
Dec 16 21:21:58 localhost snmpd[53269]: not enough space or error in allocation for extenstion
Dec 16 21:21:59 localhost systemd[1]: snmpd.service: Main process exited, code=dumped, status=11/SEGV
Dec 16 21:21:59 localhost systemd[1]: snmpd.service: Failed with result 'core-dump'.
Dec 16 21:21:59 localhost systemd[1]: Failed to start Simple Network Management Protocol (SNMP) Daemon..
Expected results:
Deamon starts without a crash.
Additional info:
Fix available here:
https://github.com/net-snmp/net-snmp/pull/234 |
|
| 2021-05-26 00:07:24 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~sergiodj/ubuntu/+source/net-snmp/+git/net-snmp/+merge/403298 |
|
| 2021-05-26 00:08:02 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~sergiodj/ubuntu/+source/net-snmp/+git/net-snmp/+merge/403299 |
|
| 2021-06-07 11:35:11 |
Graham Leggett |
bug watch added |
|
https://bugzilla.redhat.com/show_bug.cgi?id=1908718 |
|
| 2021-06-12 14:41:23 |
Launchpad Janitor |
net-snmp (Ubuntu Impish): status |
Triaged |
Fix Released |
|
| 2021-06-16 11:00:47 |
Robie Basak |
net-snmp (Ubuntu Hirsute): status |
Triaged |
Fix Committed |
|
| 2021-06-16 11:00:49 |
Robie Basak |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
| 2021-06-16 11:00:50 |
Robie Basak |
bug |
|
|
added subscriber SRU Verification |
| 2021-06-16 11:00:54 |
Robie Basak |
tags |
patch |
patch verification-needed verification-needed-hirsute |
|
| 2021-09-30 17:01:05 |
Mathew Hodson |
bug task deleted |
net-snmp (Ubuntu Focal) |
|
|
| 2021-10-06 16:50:02 |
Sergio Durigan Junior |
tags |
patch verification-needed verification-needed-hirsute |
patch verification-done-hirsute |
|
| 2021-10-06 16:50:13 |
Sergio Durigan Junior |
description |
[ Impact ]
Users can experience a segmentation fault on snmpd (part of net-snmp) when using a certificate that contains an extension longer than 512 bytes and debug output (-D) is enabled. Although this only happens when debugging, it seems to be pretty common to find certificates whose extensions are larger than 512 bytes.
[ Test Case ]
Below you can find a step-by-step procedure to reproduce the bug. Bear in mind that the "sed" command may be mangled due to Launchpad's text renderization.
$ lxc launch images:ubuntu/hirsute net-snmp-bug1912389
$ lxc shell net-snmp-bug1912389
# apt update && apt install net-snmp -y
# sed -i "s@^#\s*nsCertType.*@nsCertType = client,email,objsign@; s@^#\s*nsCaRevocationUrl.*@nsCaRevocationUrl = http://www.myverylongurl$(printf '%*s' 512 | tr ' ' 'a').com/ca-crl.pem@; s@^#\s*extendedKeyUsage.*@extendedKeyUsage = critical,timeStamping,serverAuth,clientAuth,codeSigning,emailProtection@; s@^#\s*keyUsage.*@keyUsage = nonRepudiation,digitalSignature,keyEncipherment@" /etc/ssl/openssl.cnf
# openssl req -x509 -out localhost.crt -keyout localhost.key -newkey rsa:2048 -nodes -sha256 -extensions usr_cert -subj '/CN=localhost' -config /etc/ssl/openssl.cnf
# mkdir -p $HOME/.snmp/tls/certs
# cp localhost.crt $HOME/.snmp/tls/certs
# systemctl stop snmpd.service
# snmpd -DALL
...
not enough space or error in allocation for extenstion
Segmentation fault (core dumped)
#
[ Where problems could occur ]
The backported patches are very straightforward and only impact code that is run when debug (-D) is active. There is not much room for regression here, especially considering that this is a very recent version of the package that will very likely not be affected by newer rebuilds.
[ Original Description ]
When net-snmp is given a certificate with an extension that is longer than 512 characters, snmp crashes on startup.
Steps to Reproduce:
1. Configure net-snmp using an EV certificate from a CA (in this case Globalsign).
2. Start snmpd.
3.
Actual results:
[root@localhost tls]# systemctl status snmpd.service
● snmpd.service - Simple Network Management Protocol (SNMP) Daemon.
Loaded: loaded (/usr/lib/systemd/system/snmpd.service; disabled; vendor preset: disabled)
Active: failed (Result: core-dump) since Wed 2020-12-16 21:21:59 SAST; 16min ago
Process: 53269 ExecStart=/usr/sbin/snmpd $OPTIONS -f (code=dumped, signal=SEGV)
Main PID: 53269 (code=dumped, signal=SEGV)
Dec 16 21:21:57 localhost systemd[1]: Starting Simple Network Management Protocol (SNMP) Daemon....
Dec 16 21:21:58 localhost snmpd[53269]: refusing to read world readable or writable key /etc/snmp/tls/certs/snmpd.crt
Dec 16 21:21:58 localhost snmpd[53269]: not enough space or error in allocation for extenstion
Dec 16 21:21:59 localhost systemd[1]: snmpd.service: Main process exited, code=dumped, status=11/SEGV
Dec 16 21:21:59 localhost systemd[1]: snmpd.service: Failed with result 'core-dump'.
Dec 16 21:21:59 localhost systemd[1]: Failed to start Simple Network Management Protocol (SNMP) Daemon..
Expected results:
Deamon starts without a crash.
Additional info:
Fix available here:
https://github.com/net-snmp/net-snmp/pull/234 |
[ Impact ]
Users can experience a segmentation fault on snmpd (part of net-snmp) when using a certificate that contains an extension longer than 512 bytes and debug output (-D) is enabled. Although this only happens when debugging, it seems to be pretty common to find certificates whose extensions are larger than 512 bytes.
[ Test Case ]
Below you can find a step-by-step procedure to reproduce the bug. Bear in mind that the "sed" command may be mangled due to Launchpad's text renderization.
$ lxc launch images:ubuntu/hirsute net-snmp-bug1912389
$ lxc shell net-snmp-bug1912389
# apt update && apt install snmpd -y
# sed -i "s@^#\s*nsCertType.*@nsCertType = client,email,objsign@; s@^#\s*nsCaRevocationUrl.*@nsCaRevocationUrl = http://www.myverylongurl$(printf '%*s' 512 | tr ' ' 'a').com/ca-crl.pem@; s@^#\s*extendedKeyUsage.*@extendedKeyUsage = critical,timeStamping,serverAuth,clientAuth,codeSigning,emailProtection@; s@^#\s*keyUsage.*@keyUsage = nonRepudiation,digitalSignature,keyEncipherment@" /etc/ssl/openssl.cnf
# openssl req -x509 -out localhost.crt -keyout localhost.key -newkey rsa:2048 -nodes -sha256 -extensions usr_cert -subj '/CN=localhost' -config /etc/ssl/openssl.cnf
# mkdir -p $HOME/.snmp/tls/certs
# cp localhost.crt $HOME/.snmp/tls/certs
# systemctl stop snmpd.service
# snmpd -DALL
...
not enough space or error in allocation for extenstion
Segmentation fault (core dumped)
#
[ Where problems could occur ]
The backported patches are very straightforward and only impact code that is run when debug (-D) is active. There is not much room for regression here, especially considering that this is a very recent version of the package that will very likely not be affected by newer rebuilds.
[ Original Description ]
When net-snmp is given a certificate with an extension that is longer than 512 characters, snmp crashes on startup.
Steps to Reproduce:
1. Configure net-snmp using an EV certificate from a CA (in this case Globalsign).
2. Start snmpd.
3.
Actual results:
[root@localhost tls]# systemctl status snmpd.service
● snmpd.service - Simple Network Management Protocol (SNMP) Daemon.
Loaded: loaded (/usr/lib/systemd/system/snmpd.service; disabled; vendor preset: disabled)
Active: failed (Result: core-dump) since Wed 2020-12-16 21:21:59 SAST; 16min ago
Process: 53269 ExecStart=/usr/sbin/snmpd $OPTIONS -f (code=dumped, signal=SEGV)
Main PID: 53269 (code=dumped, signal=SEGV)
Dec 16 21:21:57 localhost systemd[1]: Starting Simple Network Management Protocol (SNMP) Daemon....
Dec 16 21:21:58 localhost snmpd[53269]: refusing to read world readable or writable key /etc/snmp/tls/certs/snmpd.crt
Dec 16 21:21:58 localhost snmpd[53269]: not enough space or error in allocation for extenstion
Dec 16 21:21:59 localhost systemd[1]: snmpd.service: Main process exited, code=dumped, status=11/SEGV
Dec 16 21:21:59 localhost systemd[1]: snmpd.service: Failed with result 'core-dump'.
Dec 16 21:21:59 localhost systemd[1]: Failed to start Simple Network Management Protocol (SNMP) Daemon..
Expected results:
Deamon starts without a crash.
Additional info:
Fix available here:
https://github.com/net-snmp/net-snmp/pull/234 |
|
| 2021-10-11 18:01:36 |
Launchpad Janitor |
net-snmp (Ubuntu Hirsute): status |
Fix Committed |
Fix Released |
|
| 2021-10-11 18:01:41 |
Brian Murray |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
| 2022-01-12 02:04:40 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~sergiodj/ubuntu/+source/net-snmp/+git/net-snmp/+merge/413995 |
|
| 2022-01-12 12:40:31 |
Andreas Hasenack |
merge proposal unlinked |
https://code.launchpad.net/~sergiodj/ubuntu/+source/net-snmp/+git/net-snmp/+merge/413995 |
|
|
