diff options
author | Ovidiu Panait <ovidiu.panait@windriver.com> | 2020-09-01 12:22:00 +0300 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2020-09-03 08:28:37 -0700 |
commit | d7b41ced4b9a9a68083b0fcceff3b226298cff8b (patch) | |
tree | 03ec3cfb6aa87e35f4fa14fc3af29e0994765c4c /meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2020-15861-0002.patch | |
parent | b72b233d268c51376ecfa277ea8346621f632467 (diff) | |
download | meta-openembedded-contrib-d7b41ced4b9a9a68083b0fcceff3b226298cff8b.tar.gz |
net-snmp: Fix CVE-2020-15861 and CVE-2020-15862
Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic
link (symlink) following.
Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP WRITE
access to the EXTEND MIB provides the ability to run arbitrary commands as
root.
References:
https://nvd.nist.gov/vuln/detail/CVE-2020-15861
https://nvd.nist.gov/vuln/detail/CVE-2020-15862
Upstream patches:
https://github.com/net-snmp/net-snmp/commit/2b3e300ade4add03b889e61d610b0db77d300fc3
https://github.com/net-snmp/net-snmp/commit/9cfb38b0aa95363da1466ca81dd929989ba27c1f
https://github.com/net-snmp/net-snmp/commit/114e4c2cec2601ca56e8afb1f441520f75a9a312
https://github.com/net-snmp/net-snmp/commit/2968b455e6f182f329746e2bca1043f368618c73
https://github.com/net-snmp/net-snmp/commit/4fd9a450444a434a993bc72f7c3486ccce41f602
https://github.com/net-snmp/net-snmp/commit/77f6c60f57dba0aaea5d8ef1dd94bcd0c8e6d205
CVE-2020-15861-0005.patch is the actual fix for CVE-2020-15861 and
CVE-2020-15861-0001.patch through CVE-2020-15861-0004.patch are context
patches needed by the fix to apply cleanly.
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2020-15861-0002.patch')
-rw-r--r-- | meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2020-15861-0002.patch | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2020-15861-0002.patch b/meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2020-15861-0002.patch new file mode 100644 index 0000000000..e54a8b4acb --- /dev/null +++ b/meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2020-15861-0002.patch @@ -0,0 +1,44 @@ +From 50118392c58c8d9554580373c0dbc542336b58a9 Mon Sep 17 00:00:00 2001 +From: Bart Van Assche <bvanassche@acm.org> +Date: Thu, 16 May 2019 13:49:05 +0200 +Subject: [PATCH 2/5] libsnmp: Fix two recently introduced issues in the MIB + parsing code + +Ensure that the first argument passed to qsort() is not NULL. Free the memory +that holds the directory contents. + +Fixes: 2b3e300ade4a ("CHANGES: libsnmp: Scan MIB directories in alphabetical order") + +CVE: CVE-2020-15861 +Upstream-Status: Backport [https://github.com/net-snmp/net-snmp/commit/9cfb38b0aa95363da1466ca81dd929989ba27c1f] + +Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> +--- + snmplib/parse.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/snmplib/parse.c b/snmplib/parse.c +index 51d119b..200ba25 100644 +--- a/snmplib/parse.c ++++ b/snmplib/parse.c +@@ -4961,7 +4961,8 @@ static int scan_directory(char ***result, const char *dirname) + } + closedir(dir); + +- qsort(filenames, filename_count, sizeof(filenames[0]), elemcmp); ++ if (filenames) ++ qsort(filenames, filename_count, sizeof(filenames[0]), elemcmp); + *result = filenames; + + return filename_count; +@@ -5040,6 +5041,7 @@ add_mibdir(const char *dirname) + File = oldFile; + if (ip) + fclose(ip); ++ free(filenames); + return (count); + } + else +-- +2.17.1 + |