Monday, February 3, 2020

Vulnerability Spotlight: Denial-of-service, information leak bugs in Mini-SNMPD

Aleksandar Nikolic of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.

Multiple vulnerabilities exist in Mini-SNMPD, a lightweight implementation of a Simple Network Management Protocol server. An attacker can exploit these bugs by sending a specially crafted SNMP request to the server. These vulnerabilities could lead to a variety of conditions, potentially resulting in the disclosure of sensitive information and a denial-of-service condition. Mini-SNMPD's small code size and memory footprint make it especially suitable for small and embedded devices. It is used, for example, by several devices based on the OpenWRT project.

In accordance with our coordinated disclosure policy, Cisco Talos worked with Mini-SNMPD to ensure that these issues are resolved and that an update is available for affected customers. Talos also provided the patch for these issues.

Vulnerability details

Mini-SNMPD decode_cnt information leak vulnerability (TALOS-2020-0975/CVE-2020-6058)

An exploitable out-of-bounds read vulnerability exists in the way Mini-SNMPD version 1.4 parses incoming SNMP packets. A specially crafted SNMP request can trigger an out-of-bounds memory read, which can result in the disclosure of sensitive information and denial of service. To trigger this vulnerability, an attacker needs to send a specially crafted packet to the vulnerable server.

Read the complete vulnerability advisory here for additional information.

Mini-SNMPD decode_int information leak vulnerability (TALOS-2020-0976/CVE-2020-6059)

An exploitable out-of-bounds read vulnerability exists in the way Mini-SNMPD version 1.4 parses incoming SNMP packets. A specially crafted SNMP request can trigger an out-of-bounds memory read, which can result in the disclosure of sensitive information and denial of service. To trigger this vulnerability, an attacker needs to send a specially crafted packet to the vulnerable server.

Read the complete vulnerability advisory here for additional information.
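The decode_cnt and decode_int entries above both describe out-of-bounds reads while parsing incoming SNMP packets. The following C code is an added example, not Mini-SNMPD's code or the Talos patch: it shows the defensive pattern for this bug class, a BER INTEGER decoder that checks every packet-supplied length against the bytes actually received. The function name `ber_decode_int`, its signature and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper, not Mini-SNMPD code: decode one BER INTEGER TLV
 * from buf[*pos..len). Returns 0 on success, -1 on malformed input. */
int ber_decode_int(const uint8_t *buf, size_t len, size_t *pos, int32_t *out)
{
    size_t p = *pos, vlen;

    if (p >= len || len - p < 2)     /* need a tag octet and a length octet */
        return -1;
    if (buf[p++] != 0x02)            /* 0x02 = BER INTEGER tag */
        return -1;

    vlen = buf[p++];
    if (vlen & 0x80) {               /* long form: low 7 bits count length octets */
        size_t n = vlen & 0x7f;
        if (n == 0 || n > sizeof(size_t) || n > len - p)
            return -1;
        vlen = 0;
        while (n--)
            vlen = (vlen << 8) | buf[p++];
    }

    /* The declared length comes from the sender: compare it with the
     * bytes actually received before reading any value octet. */
    if (vlen == 0 || vlen > sizeof(int32_t) || vlen > len - p)
        return -1;

    /* Sign-extend from the first value octet, then shift in the rest. */
    uint32_t v = (buf[p] & 0x80) ? 0xffffffffu : 0;
    for (size_t i = 0; i < vlen; i++)
        v = (v << 8) | buf[p++];

    *out = (int32_t)v;
    *pos = p;                        /* advance only after a full, valid decode */
    return 0;
}

int main(void)
{
    /* Constructed sample: INTEGER claiming 4 value octets, only 1 present. */
    const uint8_t truncated[] = { 0x02, 0x04, 0x01 };
    size_t pos = 0;
    int32_t v = 0;
    printf("truncated -> %d\n", ber_decode_int(truncated, sizeof truncated, &pos, &v));
    return 0;
}
```

On rejection the cursor `*pos` is left unchanged, so the caller can drop the packet without having consumed any bytes past the received buffer.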

Mini-SNMPD socket disconnect denial-of-service vulnerability (TALOS-2020-0977/CVE-2020-6060)

A stack buffer overflow vulnerability exists in the way Mini-SNMPD version 1.4 handles multiple connections. A specially timed sequence of SNMP connections can trigger a stack overflow, resulting in a denial of service. To trigger this vulnerability, an attacker needs to simply initiate multiple connections to the server.

Read the complete vulnerability advisory here for additional information.

Versions tested

Talos tested and confirmed that version 1.4 of Mini-SNMPD is affected by these vulnerabilities.

Coverage

The following SNORT® rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.

Snort Rules: 52836, 52837
