1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
|
From de36cf1ecbb13a9541ec5d43ce20ab5030861837 Mon Sep 17 00:00:00 2001
From: Wes Hardaker <opensource@hardakers.net>
Date: Thu, 23 Jul 2020 16:17:27 -0700
Subject: [PATCH 1/1] make the extend mib read-only by default
CVE: CVE-2020-15862
Upstream-Status: Backport [https://github.com/net-snmp/net-snmp/commit/77f6c60f57dba0aaea5d8ef1dd94bcd0c8e6d205]
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
---
agent/mibgroup/agent/extend.c | 18 ++++++++++++------
1 file changed, 12 insertions(+), 6 deletions(-)
diff --git a/agent/mibgroup/agent/extend.c b/agent/mibgroup/agent/extend.c
index 5f8cedc..38a6c50 100644
--- a/agent/mibgroup/agent/extend.c
+++ b/agent/mibgroup/agent/extend.c
@@ -16,6 +16,12 @@
#define SHELLCOMMAND 3
#endif
+/* This mib is potentially dangerous to turn on by default, since it
+ * allows arbitrary commands to be set by anyone with SNMP WRITE
+ * access to the MIB table. If all of your users are "root" level
+ * users, then it may be safe to turn on. */
+#define ENABLE_EXTEND_WRITE_ACCESS 0
+
netsnmp_feature_require(extract_table_row_data)
netsnmp_feature_require(table_data_delete_table)
#ifndef NETSNMP_NO_WRITE_SUPPORT
@@ -742,7 +748,7 @@ handle_nsExtendConfigTable(netsnmp_mib_handler *handler,
*
**********/
-#ifndef NETSNMP_NO_WRITE_SUPPORT
+#if !defined(NETSNMP_NO_WRITE_SUPPORT) && ENABLE_EXTEND_WRITE_ACCESS
case MODE_SET_RESERVE1:
/*
* Validate the new assignments
@@ -1068,7 +1074,7 @@ handle_nsExtendConfigTable(netsnmp_mib_handler *handler,
}
}
break;
-#endif /* !NETSNMP_NO_WRITE_SUPPORT */
+#endif /* !NETSNMP_NO_WRITE_SUPPORT and ENABLE_EXTEND_WRITE_ACCESS */
default:
netsnmp_set_request_error(reqinfo, request, SNMP_ERR_GENERR);
@@ -1076,7 +1082,7 @@ handle_nsExtendConfigTable(netsnmp_mib_handler *handler,
}
}
-#ifndef NETSNMP_NO_WRITE_SUPPORT
+#if !defined(NETSNMP_NO_WRITE_SUPPORT) && ENABLE_EXTEND_WRITE_ACCESS
/*
* If we're marking a given row as active,
* then we need to check that it's ready.
@@ -1101,7 +1107,7 @@ handle_nsExtendConfigTable(netsnmp_mib_handler *handler,
}
}
}
-#endif /* !NETSNMP_NO_WRITE_SUPPORT */
+#endif /* !NETSNMP_NO_WRITE_SUPPORT && ENABLE_EXTEND_WRITE_ACCESS */
return SNMP_ERR_NOERROR;
}
@@ -1590,7 +1596,7 @@ fixExec2Error(int action,
idx = name[name_len-1] -1;
exten = &compatability_entries[ idx ];
-#ifndef NETSNMP_NO_WRITE_SUPPORT
+#if !defined(NETSNMP_NO_WRITE_SUPPORT) && ENABLE_EXTEND_WRITE_ACCESS
switch (action) {
case MODE_SET_RESERVE1:
if (var_val_type != ASN_INTEGER) {
@@ -1611,7 +1617,7 @@ fixExec2Error(int action,
case MODE_SET_COMMIT:
netsnmp_cache_check_and_reload( exten->efix_entry->cache );
}
-#endif /* !NETSNMP_NO_WRITE_SUPPORT */
+#endif /* !NETSNMP_NO_WRITE_SUPPORT && ENABLE_EXTEND_WRITE_ACCESS */
return SNMP_ERR_NOERROR;
}
#endif /* USING_UCD_SNMP_EXTENSIBLE_MODULE */
--
2.17.1
|
