aboutsummaryrefslogtreecommitdiffstats
path: root/meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2020-15861-0004.patch
diff options
context:
space:
mode:
authorOvidiu Panait <ovidiu.panait@windriver.com>2020-09-01 12:22:00 +0300
committerArmin Kuster <akuster808@gmail.com>2020-09-03 08:28:37 -0700
commitd7b41ced4b9a9a68083b0fcceff3b226298cff8b (patch)
tree03ec3cfb6aa87e35f4fa14fc3af29e0994765c4c /meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2020-15861-0004.patch
parentb72b233d268c51376ecfa277ea8346621f632467 (diff)
downloadmeta-openembedded-contrib-d7b41ced4b9a9a68083b0fcceff3b226298cff8b.tar.gz
meta-openembedded-contrib-d7b41ced4b9a9a68083b0fcceff3b226298cff8b.tar.bz2
meta-openembedded-contrib-d7b41ced4b9a9a68083b0fcceff3b226298cff8b.zip
net-snmp: Fix CVE-2020-15861 and CVE-2020-15862
Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following. Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root. References: https://nvd.nist.gov/vuln/detail/CVE-2020-15861 https://nvd.nist.gov/vuln/detail/CVE-2020-15862 Upstream patches: https://github.com/net-snmp/net-snmp/commit/2b3e300ade4add03b889e61d610b0db77d300fc3 https://github.com/net-snmp/net-snmp/commit/9cfb38b0aa95363da1466ca81dd929989ba27c1f https://github.com/net-snmp/net-snmp/commit/114e4c2cec2601ca56e8afb1f441520f75a9a312 https://github.com/net-snmp/net-snmp/commit/2968b455e6f182f329746e2bca1043f368618c73 https://github.com/net-snmp/net-snmp/commit/4fd9a450444a434a993bc72f7c3486ccce41f602 https://github.com/net-snmp/net-snmp/commit/77f6c60f57dba0aaea5d8ef1dd94bcd0c8e6d205 CVE-2020-15861-0005.patch is the actual fix for CVE-2020-15861 and CVE-2020-15861-0001.patch through CVE-2020-15861-0004.patch are context patches needed by the fix to apply cleanly. Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2020-15861-0004.patch')
-rw-r--r--meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2020-15861-0004.patch33
1 files changed, 33 insertions, 0 deletions
diff --git a/meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2020-15861-0004.patch b/meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2020-15861-0004.patch
new file mode 100644
index 0000000000..f0e709636e
--- /dev/null
+++ b/meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2020-15861-0004.patch
@@ -0,0 +1,33 @@
+From 545742d1867d70a645a63161ede4a391456691fc Mon Sep 17 00:00:00 2001
+From: Bill Fenner <fenner@gmail.com>
+Date: Mon, 3 Jun 2019 10:01:08 -0700
+Subject: [PATCH 4/5] libsnmp: free filenames from directory listing
+
+Free each filename as we use it, as well as freeing the
+list of filenames.
+
+Fixes: 2b3e300ade4a ("CHANGES: libsnmp: Scan MIB directories in alphabetical order")
+
+CVE: CVE-2020-15861
+Upstream-Status: Backport [https://github.com/net-snmp/net-snmp/commit/2968b455e6f182f329746e2bca1043f368618c73]
+
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+---
+ snmplib/parse.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/snmplib/parse.c b/snmplib/parse.c
+index 0414337..7f98542 100644
+--- a/snmplib/parse.c
++++ b/snmplib/parse.c
+@@ -5037,6 +5037,7 @@ add_mibdir(const char *dirname)
+ for (i = 0; i < filename_count; i++) {
+ if (add_mibfile(filenames[i], strrchr(filenames[i], '/'), ip) == 0)
+ count++;
++ free(filenames[i]);
+ }
+ File = oldFile;
+ if (ip)
+--
+2.17.1
+