Page MenuHomeVyOS Platform
People zoenan7

zoenan7 (钟楠宇)
User

Projects

User does not belong to any projects.

User Details

User Since
Sep 2 2021, 11:08 AM (80 w, 5 d)

Recent Activity
View All

Nov 5 2021

zoenan7 added a comment to T3835: vyos router 1.2.7 snmp Dos bug.

Alternatively, can you provide the contact information of NET-SNMP's PRIST? I can also contact him for vulnerability disclosure.

Nov 5 2021, 6:43 AM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta, VyOS 1.2 Crux (VyOS 1.2.7)
zoenan7 added a comment to T3835: vyos router 1.2.7 snmp Dos bug.

Yes, I also believe that this crash exists in all current versions of NET-SNMP. And I also found this vulnerability in the source code of the latest version of Net-SNMP( version 5.9.1), and I compiled and installed net-SNMP on Ubuntu to duplicate this vulnerability. But I can't find the contact information of NET-SNMP. It seems that only the cooperative manufacturer can contact him. Can you negotiate with them to disclose this vulnerability?

Nov 5 2021, 6:41 AM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta, VyOS 1.2 Crux (VyOS 1.2.7)

Oct 8 2021

zoenan7 added a comment to T3835: vyos router 1.2.7 snmp Dos bug.

@dmbaturin Did you get my email? If not, please let me know and I will send it again

Oct 8 2021, 6:23 AM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta, VyOS 1.2 Crux (VyOS 1.2.7)

Sep 27 2021

zoenan7 added a comment to T3835: vyos router 1.2.7 snmp Dos bug.

By the way, the SNMPD service of the router will not restart automatically. After the SNMP service is attacked, the SNMP service cannot be restored even if the device is restarted, which may be an inappropriate implementation.

Sep 27 2021, 7:45 AM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta, VyOS 1.2 Crux (VyOS 1.2.7)
zoenan7 added a comment to T3835: vyos router 1.2.7 snmp Dos bug.

I have a question. If you confirm the existence of the vulnerability, can you report to the NET-SNMP vendor and apply for a CVE number?

Sep 27 2021, 7:37 AM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta, VyOS 1.2 Crux (VyOS 1.2.7)
zoenan7 added a comment to T3835: vyos router 1.2.7 snmp Dos bug.

I have sent the POC of the vulnerability to [email protected]

Sep 27 2021, 7:35 AM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta, VyOS 1.2 Crux (VyOS 1.2.7)
zoenan7 added a comment to T3835: vyos router 1.2.7 snmp Dos bug.

By the way, The password of the compressed package is HGkasjgJFYL261.

Sep 27 2021, 7:28 AM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta, VyOS 1.2 Crux (VyOS 1.2.7)
zoenan7 added a comment to T3835: vyos router 1.2.7 snmp Dos bug.

Hello, I have found three vulnerabilities in V1.2.7, one of which can also be reproduced in V1.3, please continue to check the other versions, I will send all three POCs to your email, thank you for your work.

Sep 27 2021, 7:25 AM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta, VyOS 1.2 Crux (VyOS 1.2.7)

Sep 26 2021

zoenan7 added a comment to T3835: vyos router 1.2.7 snmp Dos bug.

May I ask where I can submit poC? Do you provide an email address or upload files here?

Sep 26 2021, 5:59 AM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta, VyOS 1.2 Crux (VyOS 1.2.7)

Sep 17 2021

zoenan7 created T3835: vyos router 1.2.7 snmp Dos bug.
Sep 17 2021, 12:41 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta, VyOS 1.2 Crux (VyOS 1.2.7)

Sep 7 2021

zoenan7 added a comment to T3791: vyos router 3.13( version 1.17) snmpd crash.

May I ask whether the vulnerability report should be made public here or submitted to which mailbox? Will a PGP public key be provided to encrypt sensitive information?

Sep 7 2021, 2:49 AM · VyOS 1.2 Crux

Sep 5 2021

zoenan7 added a comment to T3791: vyos router 3.13( version 1.17) snmpd crash.

Here is the screenshot of vulnerability reproduction.

Sep 5 2021, 7:11 AM · VyOS 1.2 Crux
zoenan7 added a comment to T3791: vyos router 3.13( version 1.17) snmpd crash.

I tried to reproduce the vulnerability we found on v1.2.7 version of VyOS and debug the vulnerability, hoping to provide you with a detailed vulnerability report.

Sep 5 2021, 7:01 AM · VyOS 1.2 Crux

Sep 4 2021

zoenan7 added a comment to T3791: vyos router 3.13( version 1.17) snmpd crash.

Hello, I can't find the latest version of VyOS on the Internet. Could you please provide a mirror image to my mailbox? I'll validate any bugs I find. My email address is [email protected]

Sep 4 2021, 9:00 AM · VyOS 1.2 Crux

Sep 2 2021

zoenan7 added a comment to T3791: vyos router 3.13( version 1.17) snmpd crash.

These vulnerabilities can cause the EFFECT of SNMP service Dos,

Sep 2 2021, 12:35 PM · VyOS 1.2 Crux
zoenan7 created T3791: vyos router 3.13( version 1.17) snmpd crash.
Sep 2 2021, 12:32 PM · VyOS 1.2 Crux