
vyos router 3.13 (version 1.17) snmpd crash
Resolved (N/A) | Public | BUG

Description

We have replayed the vulnerability on the vyos 3.13.11-1 device version, and we performed debugging analysis on this vulnerable version. Because we have not obtained the new version of the device, this vulnerability may exist in devices of a higher version; please check.

There are three vulnerabilities, and they are caused by a Use-After-Free and an insufficient check of a null pointer.

I may need you to provide an email address, and I will then provide a PoC and a detailed vulnerability report. Here is my email: [email protected]

Details

Difficulty level
Easy (less than an hour)
Version
version 1.17
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Security vulnerability

Event Timeline

These vulnerabilities can cause the effect of SNMP service DoS.

Hello @zoenan7,

VyOS 1.1.7 is EOL and won't receive any updates. Please upgrade to 1.2 or higher.

Hello, I can't find the latest version of VyOS on the Internet. Could you please provide a mirror image to my mailbox? I'll validate any bugs I find. My email address is [email protected]

I tried to reproduce the vulnerability we found on version v1.2.7 of VyOS and debug the vulnerability, hoping to provide you with a detailed vulnerability report.

Here is the screenshot of the vulnerability reproduction.

image.png (1×2 px, 475 KB)

May I ask whether the vulnerability report should be made public here, or to which mailbox it should be submitted? Will a PGP public key be provided to encrypt sensitive information?

This should be fixed by upstream.