net-snmp is a widely used suite of software tools that implement the Simple Network Management Protocol (SNMP). In versions before 5.9.2, there exists a vulnerability (CVE-2022-24807) in the processing of SET requests for the SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable. If exploited, this vulnerability could result in an out-of-bounds memory access, compromising the stability and security of the affected system. Fortunately, net-snmp version 5.9.2 patches this vulnerability, and users are urged to update immediately. This blog post will provide a detailed analysis of the vulnerability, exploit details, and recommendations for protecting your systems.

Vulnerability Details

The vulnerability arises due to a lack of proper input validation for Object Identifier (OID) values in SET requests sent to the SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable. A specially crafted OID can cause an out-of-bounds memory access, potentially leading to crashes or other unpredictable behavior. This can be exploited by users with read-write credentials for the affected SNMP agent, which may include SNMPv1, SNMPv2c, or SNMPv3 users.

Here is a code snippet demonstrating the issue in snmp_acm.c:

/* This code snippet contains an example of the vulnerable code, causing out-of-bounds access */

oid *optr;
int i;

for (i = 0, optr = name;
     i < (int)(sizeof(access_common)/sizeof(oid)) &&
     optr < (name + name_len) && *name_ptr == *optr; i++) {
    optr++;
    name_ptr++;
}
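For contrast, here is an added example of the input validation this section says is missing. It is not net-snmp's code and not the 5.9.2 patch. It assumes the vacmAccessTable index layout from RFC 3415 (length-prefixed group name, length-prefixed context prefix, security model, security level); the type, struct and function names are hypothetical.

```c
#include <stddef.h>
#include <string.h>

typedef unsigned long oid;      /* stand-in for the agent's sub-identifier type */
#define VACM_MAX_STRING 32      /* SnmpAdminString upper bound in RFC 3415 */

struct access_index {           /* hypothetical holder for the decoded index */
    char group[VACM_MAX_STRING + 1];
    char context_prefix[VACM_MAX_STRING + 1];
    oid  sec_model, sec_level;
};

/* Copy one length-prefixed string starting at idx[*pos]; 0 on success. */
static int take_string(const oid *idx, size_t len, size_t *pos,
                       char *out, size_t min_len)
{
    size_t i, n;

    /* The length sub-identifier itself must exist and be in range. */
    if (*pos >= len || idx[*pos] < min_len || idx[*pos] > VACM_MAX_STRING)
        return -1;
    n = (size_t) idx[*pos];
    if (n > len - *pos - 1)     /* declared body would run past the OID */
        return -1;
    for (i = 0; i < n; i++) {
        if (idx[*pos + 1 + i] > 255)    /* each sub-identifier is one octet */
            return -1;
        out[i] = (char) idx[*pos + 1 + i];
    }
    out[n] = '\0';
    *pos += 1 + n;
    return 0;
}

/* Decode the index portion of a vacmAccessTable instance OID; 0 on success. */
int parse_access_index(const oid *idx, size_t len, struct access_index *out)
{
    size_t pos = 0;

    if (idx == NULL || out == NULL)
        return -1;
    memset(out, 0, sizeof(*out));
    if (take_string(idx, len, &pos, out->group, 1) != 0 ||
        take_string(idx, len, &pos, out->context_prefix, 0) != 0 ||
        len - pos != 2)         /* exactly model and level must remain */
        return -1;
    out->sec_model = idx[pos];
    out->sec_level = idx[pos + 1];
    return 0;
}
```

Every read is preceded by a comparison against the remaining length, so an index whose declared string length exceeds what was actually received is rejected instead of being dereferenced.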

Exploit Details

An attacker would need read-write access to the SNMP agent in question to exploit this vulnerability. They would craft an SNMP SET request with a malformed OID that results in out-of-bounds memory access upon processing. The actual impact of the exploit may vary, potentially causing denial of service (crashing the SNMP agent) or possibly leading to other security compromises.

Mitigation and Recommendations

To protect your systems from this vulnerability, update net-snmp to version 5.9.2 or later. You can download the latest version from the official net-snmp website.

Additionally, all users should consider the following protective measures:

1. Restrict SNMP access to trusted users only. Use strong SNMPv3 credentials, and avoid sharing these credentials with others.

2. If you must use SNMPv1 or SNMPv2c, use a complex community string to prevent unauthorized access. Additionally, configure your SNMP agent to only accept requests from a specific IP address range to further enhance security.

Conclusion

CVE-2022-24807 is a serious security vulnerability in net-snmp that could lead to out-of-bounds memory access and potential system compromise. By updating to version 5.9.2 and following the above recommended security practices, users can protect their SNMP-enabled systems from potential exploitation.

Timeline

Published on: 04/16/2024 20:15:08 UTC