5.206. net-snmp

Bug Fix

BZ#836252

Prior to this update, there was a limit of 50 'exec' entries in the /etc/snmp/snmpd.conf file. With more than 50 such entries in the configuration file, the snmpd daemon returned the "Error: No further UCD-compatible entries" error message to the system log. With this update, this limit has been removed and there can now be any number of 'exec' entries in the snmpd configuration file, thus preventing this bug.

Security Fix

CVE-2012-2141

An array index error, leading to an out-of-bounds buffer read flaw, was found in the way the net-snmp agent looked up entries in the extension table. A remote attacker with read privileges to a Management Information Base (MIB) subtree handled by the extend directive (in /etc/snmp/snmpd.conf) could use this flaw to crash snmpd via a crafted SNMP GET request.

Bug Fixes

BZ#736580

In the previous update, a change was made in order to stop snmpd terminating unexpectedly when an AgentX subagent disconnected while processing a request. This fix, however, introduced a memory leak. With this update, this memory leak is fixed.

BZ#740172

In a previous update, a new BRIDGE-MIB was implemented in the net-snmp-perl subpackage. This MIB used incorrect conversion of interface-index values from the kernel and reported incorrect values of ifIndex OIDs (object identifiers). With this update, conversion of interface indexes is fixed and BRIDGE-MIB reports correct ifIndex OIDs.

BZ#746903

Previously, snmpd erroneously enabled verbose logging when parsing the proxy option in the snmpd.conf file. Consequently, unexpected debug messages were sometimes written to the system log. With this update, snmpd no longer modifies logging settings when parsing the proxy option. As a result, no debug messages are sent to the system log unless explicitly enabled by the system administrator.

BZ#748410

Previously, the snmpd daemon strictly implemented RFC 2780. However, this specification no longer scales well with modern big storage devices with small allocation units. Consequently, snmpd reported a wrong value for the “HOST-RESOURCES-MIB::hrStorageSize” object when working with a large file system (larger than 16TB), because the accurate value did not fit into Integer32 as specified in the RFC. To address this problem, this update adds a new option to the /etc/snmp/snmpd.conf configuration file, “realStorageUnits”. By changing the value of this option to 0, users can now enable recalculation of all values in “hrStorageTable” to ensure that the multiplication of “hrStorageSize” and “hrStorageAllocationUnits” always produces an accurate device size. The values of “hrStorageAllocationUnits” are then artificial in this case and no longer represent the real size of the allocation unit on the storage device.

BZ#748411, BZ#755481, BZ#757685

In the previous net-snmp update, the implementation of “HOST-RESOURCES-MIB::hrStorageTable” was rewritten and devices with Veritas File System (VxFS), ReiserFS, and Oracle Cluster File System (OCFS2) were not reported. In this update, snmpd properly recognizes VxFS, ReiserFS, and OCFS2 devices and reports them in “HOST-RESOURCES-MIB::hrStorageTable”.

BZ#748907

Prior to this update, the Net-SNMP Perl module did not properly evaluate error codes in the register() method in the “NetSNMP::agent” module and terminated unexpectedly when this method failed. With this update, the register() method has been fixed and the updated Perl modules no longer crash on failure.

BZ#749227

The SNMP daemon (snmpd) did not properly fill a set of watched socket file descriptors. Therefore, the daemon sometimes terminated unexpectedly with the “select: bad file descriptor” error message when more than 32 AgentX subagents connected to snmpd on 32-bit platforms or more than 64 subagents on 64-bit platforms. With this update, snmpd properly clears sets of watched file descriptors and no longer crashes when handling a large number of subagents.

BZ#754275

Previously, snmpd erroneously checked the length of “SNMP-TARGET-MIB::snmpTargetAddrRowStatus” value in incoming “SNMP-SET” requests on 64-bit platforms. Consequently, snmpd sent an incorrect reply to the “SNMP-SET” request. With this update, the check of “SNMP-TARGET-MIB::snmpTargetAddrRowStatus” is fixed and it is possible to set it remotely using “SNMP-SET” messages.

BZ#754971

Previously, snmpd did not check the permissions of its MIB index files stored in the /var/lib/net-snmp/mib_indexes directory and assumed it could read them. If the read access was denied, for example due to incorrect SELinux contexts on these files, snmpd crashed. With this update, snmpd checks if its MIB index files were correctly opened and does not crash if they cannot be opened.

BZ#786931

Before this release, the length of the OID parameter of “sysObjectID” (an snmpd.conf config file option) was not correctly stored in snmpd, which resulted in “SNMPv2-MIB::sysObjectID” being truncated if the OID had more than 10 components. In this update, handling of the OID length is fixed and “SNMPv2-MIB::sysObjectID” is returned correctly.

BZ#788954

Prior to this update, when snmpd was started and did not find a network interface which had been present during the last snmpd shutdown, the following error message was logged:

snmpd: error finding row index in _ifXTable_container_row_restore 

This happened on systems which dynamically create and remove network interfaces on demand, such as virtual hosts or PPP servers. In this update, this message has been removed and no longer appears in the system log.

BZ#789909

Previously, snmpd, enumerated active TCP connections for “TCP-MIB::tcpConnectionTable” in an inefficient way with O(n^2) complexity. With many TCP connections, an SNMP client could time out before snmpd processed a request regarding the “tcpConnectionTable”, and sent a response. This update improves the enumeration mechanism and snmpd now swiftly responds to SNMP requests in the “tcpConnectionTable”.

BZ#799291

When an object identifier (OID) was out of the subtree registered by the proxy statement in the /etc/snmp/snmpd.conf configuration file, the previous version of the snmpd daemon failed to use a correct OID of proxied “GETNEXT” requests. With this update, snmpd now adjusts the OIDs of proxied “GETNEXT” requests correctly and sends correct requests to the remote agent as expected.

BZ#822480

Net-SNMP daemons and utilities use the /var/lib/net-snmp directory to store persistent data, for example the cache of parsed MIB files. This directory is created by the net-snmp package and when this package is not installed, Net-SNMP utilities and libraries create the directory with the wrong SELinux context, which results in an Access Vector Cache (AVC) error reported by SELinux. In this update, the /var/lib/net-snmp directory is created by the net-snmp-lib package, therefore all Net-SNMP utilities and libraries do not need to create the directory and the directory will have the correct SELinux context.

Bug Fix

BZ#986192

In previous Net-SNMP releases, snmpd reported an invalid speed of network interfaces in IF-MIB::ifTable and IF-MIB::ifXTable if the interface had a speed other than 10, 100, 1000 or 2500 MB/s. Thus, the net-snmp ifHighSpeed value returned was "0" compared to the correct speed as reported in ethtool, if the Virtual Connect speed was set to, for example, 0.9 Gb/s. With this update, the ifHighSpeed value returns the correct speed as reported in ethtool, and snmpd correctly reports non-standard network interface speeds.

Bug Fix

BZ#1002859

When an AgentX subagent disconnected from the SNMP daemon (snmpd), the daemon did not properly check that there were no active requests queued in the subagent and destroyed the session. Consequently, the session was referenced by snmpd later when processing queued requests and because it was already destroyed, snmpd terminated unexpectedly with a segmentation fault or looped indefinitely. This update adds several checks to prevent the destruction of sessions with active requests, and snmpd no longer crashes in the described scenario.