diff --git a/CVE-2020-15862.patch b/CVE-2020-15862.patch new file mode 100644 index 0000000000000000000000000000000000000000..b0866ab8a12257966a010b625bd4cffcdd5e5b7a --- /dev/null +++ b/CVE-2020-15862.patch @@ -0,0 +1,84 @@ +From 77f6c60f57dba0aaea5d8ef1dd94bcd0c8e6d205 Mon Sep 17 00:00:00 2001 +From: Wes Hardaker +Date: Thu, 23 Jul 2020 16:17:27 -0700 +Subject: [PATCH] make the extend mib read-only by default + +--- + agent/mibgroup/agent/extend.c | 19 +++++++++++++------ + 1 file changed, 13 insertions(+), 6 deletions(-) + +diff --git a/agent/mibgroup/agent/extend.c b/agent/mibgroup/agent/extend.c +index 5f8cedc..7bd2314 100644 +--- a/agent/mibgroup/agent/extend.c ++++ b/agent/mibgroup/agent/extend.c +@@ -16,6 +16,13 @@ + #define SHELLCOMMAND 3 + #endif + ++/* This mib is potentially dangerous to turn on by default, since it ++ * allows arbitrary commands to be set by anyone with SNMP WRITE ++ * access to the MIB table. If all of your users are "root" level ++ * users, then it may be safe to turn on. */ ++#define ENABLE_EXTEND_WRITE_ACCESS 0 ++ ++ + netsnmp_feature_require(extract_table_row_data) + netsnmp_feature_require(table_data_delete_table) + #ifndef NETSNMP_NO_WRITE_SUPPORT +@@ -742,7 +749,7 @@ handle_nsExtendConfigTable(netsnmp_mib_handler *handler, + * + **********/ + +-#ifndef NETSNMP_NO_WRITE_SUPPORT ++#if !defined(NETSNMP_NO_WRITE_SUPPORT) && ENABLE_EXTEND_WRITE_ACCESS + case MODE_SET_RESERVE1: + /* + * Validate the new assignments +@@ -1068,7 +1075,7 @@ handle_nsExtendConfigTable(netsnmp_mib_handler *handler, + } + } + break; +-#endif /* !NETSNMP_NO_WRITE_SUPPORT */ ++#endif /* !NETSNMP_NO_WRITE_SUPPORT and ENABLE_EXTEND_WRITE_ACCESS */ + + default: + netsnmp_set_request_error(reqinfo, request, SNMP_ERR_GENERR); +@@ -1076,7 +1083,7 @@ handle_nsExtendConfigTable(netsnmp_mib_handler *handler, + } + } + +-#ifndef NETSNMP_NO_WRITE_SUPPORT ++#if !defined(NETSNMP_NO_WRITE_SUPPORT) && ENABLE_EXTEND_WRITE_ACCESS + /* + * If we're marking a given row as active, + * then we need to check that it's ready. +@@ -1101,7 +1108,7 @@ handle_nsExtendConfigTable(netsnmp_mib_handler *handler, + } + } + } +-#endif /* !NETSNMP_NO_WRITE_SUPPORT */ ++#endif /* !NETSNMP_NO_WRITE_SUPPORT && ENABLE_EXTEND_WRITE_ACCESS */ + + return SNMP_ERR_NOERROR; + } +@@ -1590,7 +1597,7 @@ fixExec2Error(int action, + idx = name[name_len-1] -1; + exten = &compatability_entries[ idx ]; + +-#ifndef NETSNMP_NO_WRITE_SUPPORT ++#if !defined(NETSNMP_NO_WRITE_SUPPORT) && ENABLE_EXTEND_WRITE_ACCESS + switch (action) { + case MODE_SET_RESERVE1: + if (var_val_type != ASN_INTEGER) { +@@ -1611,7 +1618,7 @@ fixExec2Error(int action, + case MODE_SET_COMMIT: + netsnmp_cache_check_and_reload( exten->efix_entry->cache ); + } +-#endif /* !NETSNMP_NO_WRITE_SUPPORT */ ++#endif /* !NETSNMP_NO_WRITE_SUPPORT && ENABLE_EXTEND_WRITE_ACCESS */ + return SNMP_ERR_NOERROR; + } + #endif /* USING_UCD_SNMP_EXTENSIBLE_MODULE */ +-- +2.23.0 + diff --git a/net-snmp.spec b/net-snmp.spec index 1d1ce63bfe63566806c17693aa99efae2c125990..afc6e12fd789de14fd1fcc4a67910c71f8fd7106 100644 --- a/net-snmp.spec +++ b/net-snmp.spec @@ -3,7 +3,7 @@ Name: net-snmp Version: 5.8 -Release: 11 +Release: 12 Epoch: 1 Summary: SNMP Daemon License: BSD @@ -42,6 +42,7 @@ Patch18: CVE-2019-20892-3.patch Patch19: CVE-2019-20892-4.patch Patch20: CVE-2019-20892-5.patch Patch21: CVE-2019-20892-6.patch +Patch22: CVE-2020-15862.patch %{?systemd_requires} BuildRequires: systemd gcc openssl-devel bzip2-devel elfutils-devel libselinux-devel @@ -321,6 +322,12 @@ LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test %{_mandir}/man1/fixproc* %changelog +* Thu Oct 08 2020 wangxiaopeng - 5.8-12 +- Type:cves +- ID: CVE-2020-15862 +- SUG:NA +- DESC: Fix CVE-2020-15862 + * Tue Sep 01 2020 yuboyun - 5.8-11 - Type:NA - ID:NA