[net-snmp/f16] fixed CVE-2012-2141: Array index error, leading to out-of heap-based buffer read Resolves: #816549
Jan Šafránek
jsafrane at fedoraproject.org
Mon Oct 22 08:22:34 UTC 2012
commit a151384dba78a321dc0b8163d43ee5bd6c5a218e
Author: Jan Safranek <jsafrane at redhat.com>
Date: Mon Oct 22 10:09:43 2012 +0200
fixed CVE-2012-2141: Array index error, leading to out-of heap-based buffer read
Resolves: #816549
net-snmp-5.7-CVE-2012-2141.patch | 21 +++++++++++++++++++++
net-snmp.spec | 4 ++++
2 files changed, 25 insertions(+), 0 deletions(-)
---
diff --git a/net-snmp-5.7-CVE-2012-2141.patch b/net-snmp-5.7-CVE-2012-2141.patch
new file mode 100644
index 0000000..569fd5a
--- /dev/null
+++ b/net-snmp-5.7-CVE-2012-2141.patch
@@ -0,0 +1,21 @@
+commit 4c5633f1603e4bd03ed05c37d782ec8911759c47
+Author: Robert Story <rstory at freesnmp.com>
+Date: Mon May 14 11:40:06 2012 -0400
+
+ NEWS: snmp: BUG: 3526549: CVE-2012-2141 Array index error leading to crash
+
+diff --git a/agent/mibgroup/agent/extend.c b/agent/mibgroup/agent/extend.c
+index d00475f..1f8586a 100644
+--- a/agent/mibgroup/agent/extend.c
++++ b/agent/mibgroup/agent/extend.c
+@@ -1299,6 +1299,10 @@ handle_nsExtendOutput2Table(netsnmp_mib_handler *handler,
+ * Determine which line we've been asked for....
+ */
+ line_idx = *table_info->indexes->next_variable->val.integer;
++ if (line_idx < 1 || line_idx > extension->numlines) {
++ netsnmp_set_request_error(reqinfo, request, SNMP_NOSUCHINSTANCE);
++ continue;
++ }
+ cp = extension->lines[line_idx-1];
+
+ /*
diff --git a/net-snmp.spec b/net-snmp.spec
index 3286e40..9600feb 100644
--- a/net-snmp.spec
+++ b/net-snmp.spec
@@ -41,6 +41,7 @@ Patch9: net-snmp-5.7.1-systemd.patch
Patch10: net-snmp-5.7-libtool.patch
Patch11: net-snmp-5.7-mibs-perl-linking.patch
Patch12: net-snmp-5.7-hrStorage-units.patch
+Patch13: net-snmp-5.7-CVE-2012-2141.patch
Requires(post): chkconfig
Requires(preun): chkconfig
@@ -205,6 +206,7 @@ The net-snmp-sysvinit package provides SysV init scripts for Net-SNMP daemons.
%patch10 -p1 -b .libtool
%patch11 -p1 -b .mibs-perl
%patch12 -p1 -b .hrStorage-units
+%patch13 -p1 -b .CVE-2012-2141
%ifarch sparc64 s390 s390x
# disable failing test - see https://bugzilla.redhat.com/show_bug.cgi?id=680697
@@ -513,6 +515,8 @@ rm -rf ${RPM_BUILD_ROOT}
%changelog
* Mon Oct 22 2012 Jan Safranek <jsafrane at redhat.com> - 1:5.7.1-3
- fixed units in hrStorageTable and hrFSTable (#789441)
+- fixed CVE-2012-2141: Array index error, leading to out-of heap-based
+ buffer read
* Wed Oct 5 2011 Jan Safranek <jsafrane at redhat.com> - 1:5.7.1-2
- fixed perl linking (#742678)
More information about the scm-commits
mailing list