diff --git a/SOURCES/net-snmp-5.7.2-CVE-2020-15862.patch b/SOURCES/net-snmp-5.7.2-CVE-2020-15862.patch new file mode 100644 index 0000000..394c714 --- /dev/null +++ b/SOURCES/net-snmp-5.7.2-CVE-2020-15862.patch @@ -0,0 +1,70 @@ +diff -urNp old/agent/mibgroup/agent/extend.c new/agent/mibgroup/agent/extend.c +--- old/agent/mibgroup/agent/extend.c 2020-11-11 12:41:46.377115142 +0100 ++++ new/agent/mibgroup/agent/extend.c 2020-11-11 12:50:28.047142105 +0100 +@@ -16,6 +16,12 @@ + #define SHELLCOMMAND 3 + #endif + ++/* This mib is potentially dangerous to turn on by default, since it ++ * allows arbitrary commands to be set by anyone with SNMP WRITE ++ * access to the MIB table. If all of your users are "root" level ++ * users, then it may be safe to turn on. */ ++#define ENABLE_EXTEND_WRITE_ACCESS 0 ++ + netsnmp_feature_require(extract_table_row_data) + netsnmp_feature_require(table_data_delete_table) + #ifndef NETSNMP_NO_WRITE_SUPPORT +@@ -723,7 +729,7 @@ handle_nsExtendConfigTable(netsnmp_mib_h + * + **********/ + +-#ifndef NETSNMP_NO_WRITE_SUPPORT ++#if !defined(NETSNMP_NO_WRITE_SUPPORT) && ENABLE_EXTEND_WRITE_ACCESS + case MODE_SET_RESERVE1: + /* + * Validate the new assignments +@@ -1049,7 +1055,7 @@ handle_nsExtendConfigTable(netsnmp_mib_h + } + } + break; +-#endif /* !NETSNMP_NO_WRITE_SUPPORT */ ++#endif /* !NETSNMP_NO_WRITE_SUPPORT and ENABLE_EXTEND_WRITE_ACCESS */ + + default: + netsnmp_set_request_error(reqinfo, request, SNMP_ERR_GENERR); +@@ -1057,7 +1063,7 @@ handle_nsExtendConfigTable(netsnmp_mib_h + } + } + +-#ifndef NETSNMP_NO_WRITE_SUPPORT ++#if !defined(NETSNMP_NO_WRITE_SUPPORT) && ENABLE_EXTEND_WRITE_ACCESS + /* + * If we're marking a given row as active, + * then we need to check that it's ready. +@@ -1082,7 +1088,7 @@ handle_nsExtendConfigTable(netsnmp_mib_h + } + } + } +-#endif /* !NETSNMP_NO_WRITE_SUPPORT */ ++#endif /* !NETSNMP_NO_WRITE_SUPPORT && ENABLE_EXTEND_WRITE_ACCESS */ + + return SNMP_ERR_NOERROR; + } +@@ -1571,7 +1577,7 @@ fixExec2Error(int action, + idx = name[name_len-1] -1; + exten = &compatability_entries[ idx ]; + +-#ifndef NETSNMP_NO_WRITE_SUPPORT ++#if !defined(NETSNMP_NO_WRITE_SUPPORT) && ENABLE_EXTEND_WRITE_ACCESS + switch (action) { + case MODE_SET_RESERVE1: + if (var_val_type != ASN_INTEGER) { +@@ -1592,7 +1598,7 @@ fixExec2Error(int action, + case MODE_SET_COMMIT: + netsnmp_cache_check_and_reload( exten->efix_entry->cache ); + } +-#endif /* !NETSNMP_NO_WRITE_SUPPORT */ ++#endif /* !NETSNMP_NO_WRITE_SUPPORT && ENABLE_EXTEND_WRITE_ACCESS */ + return SNMP_ERR_NOERROR; + } + #endif /* USING_UCD_SNMP_EXTENSIBLE_MODULE */ diff --git a/SPECS/net-snmp.spec b/SPECS/net-snmp.spec index 8d03000..ceb3825 100644 --- a/SPECS/net-snmp.spec +++ b/SPECS/net-snmp.spec @@ -11,7 +11,7 @@ Summary: A collection of SNMP protocol tools and libraries Name: net-snmp Version: 5.7.2 -Release: 49%{?dist} +Release: 49%{?dist}.1 Epoch: 1 License: BSD @@ -125,6 +125,7 @@ Patch89: net-snmp-5.7.2-sec-counter.patch Patch90: net-snmp-5.7.2-memory-leak.patch Patch91: net-snmp-5.7.2-flood-messages.patch Patch92: net-snmp-5.7.2-proc-whitespace.patch +Patch93: net-snmp-5.7.2-CVE-2020-15862.patch Requires(post): chkconfig Requires(preun): chkconfig @@ -371,6 +372,7 @@ The net-snmp-sysvinit package provides SysV init scripts for Net-SNMP daemons. %patch90 -p1 -b .memory-leak %patch91 -p1 -b .flood-messages %patch92 -p1 -b .proc-whitespace +%patch93 -p1 -b .CVE-2020-15862 %ifarch sparc64 s390 s390x # disable failing test - see https://bugzilla.redhat.com/show_bug.cgi?id=680697 @@ -666,6 +668,9 @@ rm -rf ${RPM_BUILD_ROOT} %{_initrddir}/snmptrapd %changelog +* Wed Nov 11 2020 Josef Ridky - 1:5.7.2-49.1 +- fix CVE-2020-15862 (#1875496) + * Thu Jun 04 2020 Josef Ridky - 1:5.7.2-49 - add missing part of memory leak patch (#1794168) - fix if_inet6 messages floood (#1765449)