Diffstat (limited to 'meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2020-15862.patch')
-rw-r--r--meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2020-15862.patch87
1 files changed, 87 insertions, 0 deletions
diff --git a/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2020-15862.patch b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2020-15862.patch
new file mode 100644
index 0000000000..419a0c21bb
--- /dev/null
+++ b/meta-openembedded/meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2020-15862.patch
@@ -0,0 +1,87 @@
+From de36cf1ecbb13a9541ec5d43ce20ab5030861837 Mon Sep 17 00:00:00 2001
+From: Wes Hardaker <opensource@hardakers.net>
+Date: Thu, 23 Jul 2020 16:17:27 -0700
+Subject: [PATCH 1/1] make the extend mib read-only by default
+
+CVE: CVE-2020-15862
+Upstream-Status: Backport [https://github.com/net-snmp/net-snmp/commit/77f6c60f57dba0aaea5d8ef1dd94bcd0c8e6d205]
+
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+---
+ agent/mibgroup/agent/extend.c | 18 ++++++++++++------
+ 1 file changed, 12 insertions(+), 6 deletions(-)
+
+diff --git a/agent/mibgroup/agent/extend.c b/agent/mibgroup/agent/extend.c
+index 5f8cedc..38a6c50 100644
+--- a/agent/mibgroup/agent/extend.c
++++ b/agent/mibgroup/agent/extend.c
+@@ -16,6 +16,12 @@
+ #define SHELLCOMMAND 3
+ #endif
+
++/* This mib is potentially dangerous to turn on by default, since it
++ * allows arbitrary commands to be set by anyone with SNMP WRITE
++ * access to the MIB table. If all of your users are "root" level
++ * users, then it may be safe to turn on. */
++#define ENABLE_EXTEND_WRITE_ACCESS 0
++
+ netsnmp_feature_require(extract_table_row_data)
+ netsnmp_feature_require(table_data_delete_table)
+ #ifndef NETSNMP_NO_WRITE_SUPPORT
+@@ -742,7 +748,7 @@ handle_nsExtendConfigTable(netsnmp_mib_handler *handler,
+ *
+ **********/
+
+-#ifndef NETSNMP_NO_WRITE_SUPPORT
++#if !defined(NETSNMP_NO_WRITE_SUPPORT) && ENABLE_EXTEND_WRITE_ACCESS
+ case MODE_SET_RESERVE1:
+ /*
+ * Validate the new assignments
+@@ -1068,7 +1074,7 @@ handle_nsExtendConfigTable(netsnmp_mib_handler *handler,
+ }
+ }
+ break;
+-#endif /* !NETSNMP_NO_WRITE_SUPPORT */
++#endif /* !NETSNMP_NO_WRITE_SUPPORT and ENABLE_EXTEND_WRITE_ACCESS */
+
+ default:
+ netsnmp_set_request_error(reqinfo, request, SNMP_ERR_GENERR);
+@@ -1076,7 +1082,7 @@ handle_nsExtendConfigTable(netsnmp_mib_handler *handler,
+ }
+ }
+
+-#ifndef NETSNMP_NO_WRITE_SUPPORT
++#if !defined(NETSNMP_NO_WRITE_SUPPORT) && ENABLE_EXTEND_WRITE_ACCESS
+ /*
+ * If we're marking a given row as active,
+ * then we need to check that it's ready.
+@@ -1101,7 +1107,7 @@ handle_nsExtendConfigTable(netsnmp_mib_handler *handler,
+ }
+ }
+ }
+-#endif /* !NETSNMP_NO_WRITE_SUPPORT */
++#endif /* !NETSNMP_NO_WRITE_SUPPORT && ENABLE_EXTEND_WRITE_ACCESS */
+
+ return SNMP_ERR_NOERROR;
+ }
+@@ -1590,7 +1596,7 @@ fixExec2Error(int action,
+ idx = name[name_len-1] -1;
+ exten = &compatability_entries[ idx ];
+
+-#ifndef NETSNMP_NO_WRITE_SUPPORT
++#if !defined(NETSNMP_NO_WRITE_SUPPORT) && ENABLE_EXTEND_WRITE_ACCESS
+ switch (action) {
+ case MODE_SET_RESERVE1:
+ if (var_val_type != ASN_INTEGER) {
+@@ -1611,7 +1617,7 @@ fixExec2Error(int action,
+ case MODE_SET_COMMIT:
+ netsnmp_cache_check_and_reload( exten->efix_entry->cache );
+ }
+-#endif /* !NETSNMP_NO_WRITE_SUPPORT */
++#endif /* !NETSNMP_NO_WRITE_SUPPORT && ENABLE_EXTEND_WRITE_ACCESS */
+ return SNMP_ERR_NOERROR;
+ }
+ #endif /* USING_UCD_SNMP_EXTENSIBLE_MODULE */
+--
+2.17.1
+
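Review bot: In `fixExec2Error`, once `#if !defined(NETSNMP_NO_WRITE_SUPPORT) && ENABLE_EXTEND_WRITE_ACCESS` compiles out the `switch (action)`, control falls straight through to `return SNMP_ERR_NOERROR;`. With the new default of 0, a SET that reaches this write method therefore appears to be reported as successful although nothing changes. In `handle_nsExtendConfigTable` the same gating sends the SET modes to the visible `default:` branch, which answers `SNMP_ERR_GENERR`, so the two paths disagree and neither tells a manager the object is read-only. Assuming `fixExec2Error` is only invoked for SET phases, an explicit rejection such as `#else` followed by `return SNMP_ERR_NOTWRITABLE;` ahead of the final return would make the denial visible in logs and to callers; it is also worth confirming that the table is registered read-only when the macro is 0, since the registration is not in these hunks and both function bodies start outside them. Separately, `#define ENABLE_EXTEND_WRITE_ACCESS 0` has no `#ifndef ENABLE_EXTEND_WRITE_ACCESS` guard, so opting in means editing the source rather than setting an auditable build flag.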