rpms/net-snmp
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix tcp_wrappers integration Resolves: CVE-2008-6123

Browse Source
This commit is contained in:
Jan Šafránek 2009-02-16 11:12:36 +00:00
parent a8a9c8c9d4
commit 4de594fd4e
2 changed files with 31 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
net-snmp-5.4.1-libwrap.patch Normal file
View File

@ -0,0 +1,25 @@
CVE-2008-6123: snmp queries allowed from each remote host regardless of
/etc/hosts.allow configuration
Source: upstream, SVN rev. 17367
diff -up net-snmp-5.4.2.1/snmplib/snmpUDPDomain.c.libwrap net-snmp-5.4.2.1/snmplib/snmpUDPDomain.c
--- net-snmp-5.4.2.1/snmplib/snmpUDPDomain.c.libwrap 2007-10-11 22:46:30.000000000 +0200
+++ net-snmp-5.4.2.1/snmplib/snmpUDPDomain.c 2009-02-16 11:57:19.000000000 +0100
@@ -104,12 +104,12 @@ netsnmp_udp_fmtaddr(netsnmp_transport *t
char tmp[64];
to = (struct sockaddr_in *) &(addr_pair->remote_addr);
if (to == NULL) {
- sprintf(tmp, "UDP: [%s]->unknown",
+ sprintf(tmp, "UDP: unknown->[%s]",
inet_ntoa(addr_pair->local_addr));
} else {
- sprintf(tmp, "UDP: [%s]->", inet_ntoa(addr_pair->local_addr));
- sprintf(tmp + strlen(tmp), "[%s]:%hd",
- inet_ntoa(to->sin_addr), ntohs(to->sin_port));
+ sprintf(tmp, "UDP: [%s]:%hu->",
+ inet_ntoa(to->sin_addr), ntohs(to->sin_port));
+ sprintf(tmp + strlen(tmp), "[%s]", inet_ntoa(addr_pair->local_addr));
}
return strdup(tmp);
}

7
net-snmp.spec
View File

@ -8,7 +8,7 @@
Summary: A collection of SNMP protocol tools and libraries Summary: A collection of SNMP protocol tools and libraries
Name: net-snmp Name: net-snmp
Version: %{major_ver} Version: %{major_ver}
Release: 2%{?dist} Release: 3%{?dist}
Epoch: 1 Epoch: 1
License: BSD and MIT License: BSD and MIT
@ -36,6 +36,7 @@ Patch9: net-snmp-5.4.1-strange_libpath.patch
Patch10: net-snmp-5.4.1-shared-ip.patch Patch10: net-snmp-5.4.1-shared-ip.patch
Patch11: net-snmp-5.4.1-sensors3.patch Patch11: net-snmp-5.4.1-sensors3.patch
Patch12: net-snmp-5.4.1-xen-crash.patch Patch12: net-snmp-5.4.1-xen-crash.patch
Patch13: net-snmp-5.4.1-libwrap.patch
Requires(pre): chkconfig Requires(pre): chkconfig
Requires(post): chkconfig Requires(post): chkconfig
@ -175,6 +176,7 @@ Net-SNMP toolkit library.
%patch10 -p1 -b .shared-ip %patch10 -p1 -b .shared-ip
%patch11 -p1 -b .sensors %patch11 -p1 -b .sensors
%patch12 -p1 -b .xen-crash %patch12 -p1 -b .xen-crash
%patch13 -p1 -b .libwrap
# Do this patch with a perl hack... # Do this patch with a perl hack...
perl -pi -e "s|'\\\$install_libdir'|'%{_libdir}'|" ltmain.sh perl -pi -e "s|'\\\$install_libdir'|'%{_libdir}'|" ltmain.sh
@ -414,6 +416,9 @@ rm -rf ${RPM_BUILD_ROOT}
%{_datadir}/snmp/mibs %{_datadir}/snmp/mibs
%changelog %changelog
* Mon Feb 16 2009 Jan Safranek <jsafranek@redhat.com> 5.4.2.1-3
- fix tcp_wrappers integration (CVE-2008-6123)
* Mon Dec 1 2008 Jan Safranek <jsafranek@redhat.com> 5.4.2.1-2 * Mon Dec 1 2008 Jan Safranek <jsafranek@redhat.com> 5.4.2.1-2
- rebuild for fixed rpm (#473420) - rebuild for fixed rpm (#473420)