From csmall at debian.org  Sun Jul 19 04:26:14 2015
From: csmall at debian.org (Craig Small)
Date: Sun, 19 Jul 2015 14:26:14 +1000
Subject: [Pkg-net-snmp-devel] Bug#792832: snmpd storage reports all tmpfs
	and floods logfile
Message-ID: <20150719042614.10288.46644.reportbug@elmo.localnet>

Package: snmpd
Version: 5.7.3+dfsg-1
Severity: normal

The latest systemd creates directories such as /run/user/csmall which
are only readable by that user. This is a good thing.

The problem is if snmpd is reloaded when a user is logged in then
it fills the log trying to statfs these mount points but is
unable to do so.

There needs to be an option to just make snmpd not try to look
at these sort of mount points. The problem is that ignoreDisk
only works for the devices, not mount points and a tmpfs has
no "device" name to match it by.

A ignoreMount feature would fix this and all other sorts of
problems, such as /run/user/* and /media/*

 - Craig


-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.0.0-2-amd64 (SMP w/6 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages snmpd depends on:
ii  adduser                3.113+nmu3
ii  debconf [debconf-2.0]  1.5.57
ii  libc6                  2.19-19
ii  libsnmp-base           5.7.3+dfsg-1
ii  libsnmp30              5.7.3+dfsg-1
ii  lsb-base               4.1+Debian13+nmu1

snmpd recommends no packages.

Versions of packages snmpd suggests:
pn  snmptrapd  <none>

-- Configuration Files:
/etc/default/snmpd changed [not included]
/etc/snmp/snmpd.conf changed [not included]
/etc/snmp/snmptrapd.conf a2ee110581a5a9a1e2252400cb176bcc [Errno 2] No such file or directory: u'/etc/snmp/snmptrapd.conf a2ee110581a5a9a1e2252400cb176bcc'

-- debconf information excluded


From carnil at debian.org  Fri Jul 31 05:20:38 2015
From: carnil at debian.org (Salvatore Bonaccorso)
Date: Fri, 31 Jul 2015 07:20:38 +0200
Subject: [Pkg-net-snmp-devel] Bug#788964: net-snmp snmp_pdu_parse() DoS
In-Reply-To: <20150616171545.12942.12805.reportbug@pisco.westfalen.local>
References: <20150616171545.12942.12805.reportbug@pisco.westfalen.local>
Message-ID: <20150731052038.GA8461@elende.valinor.li>

Control: retitle -1 net-snmp: CVE-2015-5621: snmp_pdu_parse() incompletely parsed varBinds left in list of variables

Hi

This issue has been assigned CVE-2015-5621.

Regards,
Salvatore


From owner at bugs.debian.org  Fri Jul 31 05:24:05 2015
From: owner at bugs.debian.org (Debian Bug Tracking System)
Date: Fri, 31 Jul 2015 05:24:05 +0000
Subject: [Pkg-net-snmp-devel] Processed: Re: Bug#788964: net-snmp
	snmp_pdu_parse() DoS
References: <20150731052038.GA8461@elende.valinor.li>
 <20150616171545.12942.12805.reportbug@pisco.westfalen.local>
Message-ID: <handler.s.B788964.143832004725702.transcript@bugs.debian.org>

Processing control commands:

> retitle -1 net-snmp: CVE-2015-5621: snmp_pdu_parse() incompletely parsed varBinds left in list of variables
Bug #788964 [src:net-snmp] net-snmp snmp_pdu_parse() DoS
Changed Bug title to 'net-snmp: CVE-2015-5621: snmp_pdu_parse() incompletely parsed varBinds left in list of variables' from 'net-snmp snmp_pdu_parse() DoS'

-- 
788964: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=788964
Debian Bug Tracking System
Contact owner at bugs.debian.org with problems