net-snmp is a popular suite of tools used for performing various tasks related to the Simple Network Management Protocol (SNMP). It provides both server-side and client-side utilities to interact with SNMP agents and manage devices on networks. A critical vulnerability (CVE-2022-24808) has been discovered in net-snmp, making it susceptible to a NULL pointer dereference.

The vulnerability affects versions of net-snmp prior to 5.9.2 and allows an attacker with read-write credentials to use a malformed Object Identifier (OID) in a SET request to NET-SNMP-AGENT-MIB::nsLogTable, resulting in a NULL pointer dereference. This vulnerability has been patched in version 5.9.2, and users are advised to update their net-snmp installations to protect against potential attacks.

Exploit Details

Attackers with read-write access credentials can exploit this vulnerability by sending a specially crafted SNMP SET request containing a malformed OID to NET-SNMP-AGENT-MIB::nsLogTable. This triggers a NULL pointer dereference that crashes the SNMP agent, resulting in a denial of service.

Here is a code snippet illustrating the issue (net-snmp C API; the statements belong inside the function that builds the SET request, and varbind is a netsnmp_variable_list * allocated by the caller):

#include <net-snmp/net-snmp-config.h>
#include <net-snmp/net-snmp-includes.h>

// Malformed OID in SET request: the NET-SNMP-AGENT-MIB::nsLogTable object
// targeted by the crafted request
oid netSnmpAgentMIB_nsLogTable[] =
    { 1, 3, 6, 1, 4, 1, 8072, 2, 1, 1 };
size_t netSnmpAgentMIB_nsLogTable_len = OID_LENGTH(netSnmpAgentMIB_nsLogTable);

// Perform SET request with malformed OID: attach the OID to the varbind that
// will be sent in the SET PDU
snmp_set_var_objid(varbind, netSnmpAgentMIB_nsLogTable,
                   netSnmpAgentMIB_nsLogTable_len);

References and Patch Information

The net-snmp project has released a patch for this vulnerability in version 5.9.2. You can find more information and download the patched release from the official net-snmp website and the project's GitHub release page:

- Official net-snmp release notes: http://www.net-snmp.org/docs/NEWS.html
- Official net-snmp patch information: https://github.com/net-snmp/net-snmp/releases/tag/v5.9.2

Mitigation Recommendations

1. Update to the latest version of net-snmp (5.9.2 or later), which contains the patch for the NULL pointer dereference vulnerability.
2. Use strong SNMPv3 authentication and privacy credentials, and avoid sharing these credentials across multiple devices or users.
3. For those who must use SNMPv1 or SNMPv2c, use long, hard-to-guess community strings and further restrict SNMP access to a specific IP address range.

By following these recommendations, network administrators can mitigate the risks associated with this critical vulnerability and maintain the security and stability of their SNMP environments.
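As an added example that is not part of the original advisory, the snmpd.conf fragment below contrasts a permissive configuration with one that applies recommendations 2 and 3. The directive syntax is standard net-snmp snmpd.conf; the community string, user name, passphrases and 192.0.2.0/24 management range are constructed placeholders.

```conf
# --- Permissive (constructed example): anyone who knows the community string
#     can issue SET requests from any source address. Write access is exactly
#     what a SET to nsLogTable requires.
rwcommunity private

# --- Hardened (constructed example) ---
# Recommendation 3: a read-only community, accepted only from the management
# subnet, and limited to the system group via a view.
view sysonly included .1.3.6.1.2.1.1
rocommunity EXAMPLE-RO-COMMUNITY 192.0.2.0/24 -V sysonly

# Recommendation 2: write access only over SNMPv3 with authentication and
# privacy. Place createUser in the persistent config (usually
# /var/lib/net-snmp/snmpd.conf); snmpd replaces the cleartext passphrases
# with localized keys on first start.
createUser netops SHA "EXAMPLE-auth-passphrase" AES "EXAMPLE-priv-passphrase"

# Keep even authenticated writers out of the net-snmp enterprise subtree
# (.1.3.6.1.4.1.8072, the prefix of the nsLogTable OID in the snippet above),
# so nsLogTable is not reachable by a SET at all.
view mgmtwrite included .1.3.6.1.2.1
view mgmtwrite excluded .1.3.6.1.4.1.8072
rwuser netops priv -V mgmtwrite

# Listen only on the management interface instead of every address.
agentAddress udp:192.0.2.10:161
```

Excluding the agent MIB from the write view reduces exposure but does not remove the bug; updating to 5.9.2 or later remains the fix.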

Timeline

Published on: 04/16/2024 20:15:08 UTC
Last modified on: 04/17/2024 12:48:31 UTC