Ubuntu
net-snmp package

  1. Bug #1912389
  2. Comment #0

Comment 0 for bug 1912389

Revision history for this message
Graham Leggett (minfrin-y) wrote :

When net-snmp is given a certificate with an extension that is longer than 512 characters, snmp crashes on startup.

Steps to Reproduce:
1. Configure net-snmp using an EV certificate from a CA (in this case Globalsign).
2. Start snmpd.
3.

Actual results:

[root@localhost tls]# systemctl status snmpd.service
● snmpd.service - Simple Network Management Protocol (SNMP) Daemon.
   Loaded: loaded (/usr/lib/systemd/system/snmpd.service; disabled; vendor preset: disabled)
   Active: failed (Result: core-dump) since Wed 2020-12-16 21:21:59 SAST; 16min ago
  Process: 53269 ExecStart=/usr/sbin/snmpd $OPTIONS -f (code=dumped, signal=SEGV)
 Main PID: 53269 (code=dumped, signal=SEGV)

Dec 16 21:21:57 localhost systemd[1]: Starting Simple Network Management Protocol (SNMP) Daemon....
Dec 16 21:21:58 localhost snmpd[53269]: refusing to read world readable or writable key /etc/snmp/tls/certs/snmpd.crt
Dec 16 21:21:58 localhost snmpd[53269]: not enough space or error in allocation for extenstion
Dec 16 21:21:59 localhost systemd[1]: snmpd.service: Main process exited, code=dumped, status=11/SEGV
Dec 16 21:21:59 localhost systemd[1]: snmpd.service: Failed with result 'core-dump'.
Dec 16 21:21:59 localhost systemd[1]: Failed to start Simple Network Management Protocol (SNMP) Daemon..

Expected results:

Deamon starts without a crash.

Additional info:

Fix available here:

https://github.com/net-snmp/net-snmp/pull/234