From aadab49f98cd7c0c2e4edaa53f0b736451c25443 Mon Sep 17 00:00:00 2001
From: wangxp006
Date: Thu, 8 Oct 2020 18:44:04 +0800
Subject: [PATCH] fix CVE-2020-15862
---
 CVE-2020-15862.patch | 83 ++++++++++++++++++++++++++++++++++++++++++++
 net-snmp.spec | 9 ++++-
 2 files changed, 91 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2020-15862.patch
diff --git a/CVE-2020-15862.patch b/CVE-2020-15862.patch
new file mode 100644
index 0000000..2d4d002
--- /dev/null
+++ b/CVE-2020-15862.patch
@@ -0,0 +1,83 @@
+From 77f6c60f57dba0aaea5d8ef1dd94bcd0c8e6d205 Mon Sep 17 00:00:00 2001
+From: Wes Hardaker
+Date: Thu, 23 Jul 2020 16:17:27 -0700
+Subject: [PATCH] make the extend mib read-only by default
+
+---
+ agent/mibgroup/agent/extend.c | 18 ++++++++++++------
+ 1 file changed, 12 insertions(+), 6 deletions(-)
+
+diff --git a/agent/mibgroup/agent/extend.c b/agent/mibgroup/agent/extend.c
+index 379ea603b..bd8143057 100644
+--- a/agent/mibgroup/agent/extend.c
++++ b/agent/mibgroup/agent/extend.c
+@@ -16,6 +16,12 @@
+ #define SHELLCOMMAND 3
+ #endif
+
++/* This mib is potentially dangerous to turn on by default, since it
++ * allows arbitrary commands to be set by anyone with SNMP WRITE
++ * access to the MIB table. If all of your users are "root" level
++ * users, then it may be safe to turn on. */
++#define ENABLE_EXTEND_WRITE_ACCESS 0
++
+ netsnmp_feature_require(extract_table_row_data);
+ netsnmp_feature_require(table_data_delete_table);
+ #ifndef NETSNMP_NO_WRITE_SUPPORT
+@@ -742,7 +748,7 @@ handle_nsExtendConfigTable(netsnmp_mib_handler *handler,
+ *
+ **********/
+
+-#ifndef NETSNMP_NO_WRITE_SUPPORT
++#if !defined(NETSNMP_NO_WRITE_SUPPORT) && ENABLE_EXTEND_WRITE_ACCESS
+ case MODE_SET_RESERVE1:
+ /*
+ * Validate the new assignments
+@@ -1068,7 +1074,7 @@ handle_nsExtendConfigTable(netsnmp_mib_handler *handler,
+ }
+ }
+ break;
+-#endif /* !NETSNMP_NO_WRITE_SUPPORT */
++#endif /* !NETSNMP_NO_WRITE_SUPPORT and ENABLE_EXTEND_WRITE_ACCESS */
+
+ default:
+ netsnmp_set_request_error(reqinfo, request, SNMP_ERR_GENERR);
+@@ -1076,7 +1082,7 @@ handle_nsExtendConfigTable(netsnmp_mib_handler *handler,
+ }
+ }
+
+-#ifndef NETSNMP_NO_WRITE_SUPPORT
++#if !defined(NETSNMP_NO_WRITE_SUPPORT) && ENABLE_EXTEND_WRITE_ACCESS
+ /*
+ * If we're marking a given row as active,
+ * then we need to check that it's ready.
+@@ -1101,7 +1107,7 @@ handle_nsExtendConfigTable(netsnmp_mib_handler *handler,
+ }
+ }
+ }
+-#endif /* !NETSNMP_NO_WRITE_SUPPORT */
++#endif /* !NETSNMP_NO_WRITE_SUPPORT && ENABLE_EXTEND_WRITE_ACCESS */
+
+ return SNMP_ERR_NOERROR;
+ }
+@@ -1587,7 +1593,7 @@ fixExec2Error(int action,
+ idx = name[name_len-1] -1;
+ exten = &compatability_entries[ idx ];
+
+-#ifndef NETSNMP_NO_WRITE_SUPPORT
++#if !defined(NETSNMP_NO_WRITE_SUPPORT) && ENABLE_EXTEND_WRITE_ACCESS
+ switch (action) {
+ case MODE_SET_RESERVE1:
+ if (var_val_type != ASN_INTEGER) {
+@@ -1608,7 +1614,7 @@ fixExec2Error(int action,
+ case MODE_SET_COMMIT:
+ netsnmp_cache_check_and_reload( exten->efix_entry->cache );
+ }
+-#endif /* !NETSNMP_NO_WRITE_SUPPORT */
++#endif /* !NETSNMP_NO_WRITE_SUPPORT && ENABLE_EXTEND_WRITE_ACCESS */
+ return SNMP_ERR_NOERROR;
+ }
+ #endif /* USING_UCD_SNMP_EXTENSIBLE_MODULE */
+--
+2.23.0
+
diff --git a/net-snmp.spec b/net-snmp.spec
index 7649cb2..4375498 100644
--- a/net-snmp.spec
+++ b/net-snmp.spec
@@ -3,7 +3,7 @@ Name: net-snmp
 Version: 5.9
-Release: 1
+Release: 2
 Epoch: 1
 Summary: SNMP Daemon
 License: BSD
@@ -44,6 +44,7 @@ Patch21: net-snmp-5.8-rpm-memory-leak.patch
 Patch22: net-snmp-5.9-aes-config.patch
 Patch23: net-snmp-5.8-modern-rpm-api.patch
 Patch24: net-snmp-5.9-python3.patch
+Patch25: CVE-2020-15862.patch
 %{?systemd_requires}
 BuildRequires: systemd gcc openssl-devel bzip2-devel elfutils-devel libselinux-devel
@@ -324,6 +325,12 @@ LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test
 %{_mandir}/man1/fixproc*
 %changelog
+* Thu Oct 08 2020 wangxiaopeng - 5.9-2
+- Type:cves
+- ID:CVE-2020-15862
+- SUG:NA
+- DESC: Fix CVE-2020-15862
+
 * Tue Sep 01 2020 zhouyihang - 5.9-1
 - Type:enhancement
 - ID:NA
--
Gitee
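Review bot: With the SET cases compiled out, a write that reaches handle_nsExtendConfigTable lands in the `default:` arm and is answered with `SNMP_ERR_GENERR`, while fixExec2Error skips its whole `switch` and returns `SNMP_ERR_NOERROR`, so a refused write is reported as a generic failure in one place and as success in the other. An `#else` branch that reports `SNMP_ERR_NOTWRITABLE` would make the read-only default visible to management clients and in logs; whether SET requests still reach these paths depends on the handler registration, which is outside the hunks shown. Separately, `#define ENABLE_EXTEND_WRITE_ACCESS 0` is unconditional, so a site that accepts the risk has to edit the source; wrapping it as `#ifndef ENABLE_EXTEND_WRITE_ACCESS` / `#define ENABLE_EXTEND_WRITE_ACCESS 0` / `#endif` keeps the safe default while allowing a deliberate build-time override. Both functions start and end outside the hunks.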