Rutledge Joe | 30 Jan 10:52 2015

Authentication issues with snmpd v5.7.2.1/v5.7.3 with SNMP 1/2 VACM config on PowerPC architecture

Hi there,

I've been using net-snmp v5.4.1 for many years to provide snmpd to an embedded PowerPC product. I've
recently upgraded the compiler, glibc and net-snmp packages and the existing configuration that once
worked no longer does. I'm hoping someone can help me discover what's gone wrong!

I am using snmpb as a client to verify functionality, using this I see traps being sent from the device but
it's not possible to get or walk any part of the tree. Whenever I attempt to do this I get the authentication
failed trap. If I replace the configuration with something *much* simpler, i.e. it just contains
rocommunity prodname I have no problems, so it strikes me that I have an issue of some kind with the VACM
configuration. I'm only using snmp v1 & 2 and the only purpose of using the VACM configuration is to
restrict access to most of the possible tree. I see no errors in the log file.

Configured as:

./configure --host=${TOOLCHAIN_NAME} --prefix=/usr --disable-nls
--with-default-snmp-version="2" --with-sys-contact="root <at> localhost"
--with-sys-location="Unknown" --with-logfile="/var/log/snmpd.log"
--with-persistent-directory="/home/private/snmp" --disable-embedded-perl
--disable-perl-cc-checks --without-perl-modules --with-endianness=big --with-mibdirs="/usr/share/snmp/mibs:/home/mibs"

With the following packages:

GCC v4.7.2
EGLIBC v2.17
net-snmp v5.7.3/v5.7.2.1

snmpd.conf:
###############################################################################
#
(Continue reading)

Patroklos Anagnostou | 30 Jan 09:57 2015
Picon

SNMP can GET, fails to SET [OpenWRT]

Hello,

I am running OpenWRT (tried several versions, latest kernel 3.14) in a TP-LINK WDR3600, with snmpd and snmp utils installed.
I have two issues were I am having trouble finding documentation:
1) I can read from whatever MIBs are supported but not write:

SNMPGET

Code:
root <at> OpenWrt:/# snmpget -v 1 -c public 10.0.0.2 iso.3.6.1.2.1.1.5.0 MIB search path: /root/.snmp/mibs:/usr/share/snmp/mibs Cannot find module (SNMP-VIEW-BASED-ACM-MIB): At line 0 in (none) Cannot find module (SNMP-COMMUNITY-MIB): At line 0 in (none) Cannot find module (SNMP-FRAMEWORK-MIB): At line 0 in (none) Cannot find module (SNMP-MPD-MIB): At line 0 in (none) Cannot find module (SNMP-USER-BASED-SM-MIB): At line 0 in (none) Cannot find module (TUNNEL-MIB): At line 0 in (none) Cannot find module (IPV6-FLOW-LABEL-MIB): At line 0 in (none) Cannot find module (UCD-DLMOD-MIB): At line 0 in (none) Cannot find module (NET-SNMP-PASS-MIB): At line 0 in (none) Cannot find module (SNMPv2-MIB): At line 0 in (none) Cannot find module (IF-MIB): At line 0 in (none) Cannot find module (IP-MIB): At line 0 in (none) Cannot find module (TCP-MIB): At line 0 in (none) Cannot find module (UDP-MIB): At line 0 in (none) Cannot find module (HOST-RESOURCES-MIB): At line 0 in (none) Cannot find module (NOTIFICATION-LOG-MIB): At line 0 in (none) Cannot find module (DISMAN-EVENT-MIB): At line 0 in (none) Cannot find module (DISMAN-SCHEDULE-MIB): At line 0 in (none) iso.3.6.1.2.1.1.5.0 = STRING: "HeartOfGold"
SNMPSET
Code:
root <at> OpenWrt:/# snmpset -v 1 -c private 10.0.0.2 iso.3.6.1.2.1.1.5.0 s test MIB search path: /root/.snmp/mibs:/usr/share/snmp/mibs Cannot find module (SNMP-VIEW-BASED-ACM-MIB): At line 0 in (none) Cannot find module (SNMP-COMMUNITY-MIB): At line 0 in (none) Cannot find module (SNMP-FRAMEWORK-MIB): At line 0 in (none) Cannot find module (SNMP-MPD-MIB): At line 0 in (none) Cannot find module (SNMP-USER-BASED-SM-MIB): At line 0 in (none) Cannot find module (TUNNEL-MIB): At line 0 in (none) Cannot find module (IPV6-FLOW-LABEL-MIB): At line 0 in (none) Cannot find module (UCD-DLMOD-MIB): At line 0 in (none) Cannot find module (NET-SNMP-PASS-MIB): At line 0 in (none) Cannot find module (SNMPv2-MIB): At line 0 in (none) Cannot find module (IF-MIB): At line 0 in (none) Cannot find module (IP-MIB): At line 0 in (none) Cannot find module (TCP-MIB): At line 0 in (none) Cannot find module (UDP-MIB): At line 0 in (none) Cannot find module (HOST-RESOURCES-MIB): At line 0 in (none) Cannot find module (NOTIFICATION-LOG-MIB): At line 0 in (none) Cannot find module (DISMAN-EVENT-MIB): At line 0 in (none) Cannot find module (DISMAN-SCHEDULE-MIB): At line 0 in (none) Error in packet. Reason: (noSuchName) There is no such variable name in this MIB. Failed object: iso.3.6.1.2.1.1.5.0
SNMP CONF
Code:
root <at> OpenWrt:/# cat etc/snmp/snmpd.conf agentaddress UDP:161 sysLocation office sysContact bofh <at> example.com sysName HeartOfGold com2sec ro default public com2sec rw default private group public v1 ro group public v2c ro group public usm ro group private v1 rw group private v2c rw group private usm rw view all included .1 access public "" any noauth exact all none none access private "" any noauth exact all all all exec filedescriptors /bin/cat /proc/sys/fs/file-nr
I thought of the community string and tried to give readwrite priviledges to public but nothing changed.
Any hints?




2) I tried to load the MIBs following the
http://www.net-snmp.org/docs/FAQ.html#What_does__Cannot_find_module__XXX_MIB___mean_
and downloading them from random sources but this produced more errors. The get/set should work with just OIDs anyway, right?
Where does the code of (write to OID)->(produce an effect) lie?


Thank you
Patroklos
------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Net-snmp-users mailing list
Net-snmp-users <at> lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Ashwini Pagade | 29 Jan 19:02 2015
Picon

snmptrap unsigned type not working as expected

Hi,

I am using snmpV3 adapter and passing V2 traps to it by using commands as below. It looks like the range for type u (i.e. unsigned) is upto (2^31) - 1 (i.e. 2147483647). I was expecting it to be (2^32) - 1 (i.e. 4294967295).

snmptrap -c public -v 2c clm-pun-009642 '' 1.3.6.1.4.1.20006.1.0.5 1.3.6.1.4.1.12345.1 u 2147483647

Above command generates following log:
trace:  ..\..\snmplib\snmp_api.c, 5293:
dumph_recv:             Value
dumpx_recv:              42 04 7F FF FF FF
dumpv_recv:                UInteger:    2147483647 (0x7FFFFFFF)


snmptrap -c public -v 2c clm-pun-009642 '' 1.3.6.1.4.1.20006.1.0.5 1.3.6.1.4.1.12345.1 u 2147483648

Above command generates following log:
trace:  ..\..\snmplib\snmp_api.c, 5293:
dumph_recv:             Value
dumpx_recv:              42 05 00 80 00 00 00
dumpv_recv:                UInteger:    -2147483648 (0x80000000)

Refer to:
http://www.net-snmp.org/docs/man/snmptrap.html

I am using net-snmp v5.5.

Is this the correct behavior or am I missing something?

Thanks.
------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Net-snmp-users mailing list
Net-snmp-users <at> lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Pak Leung Tam | 28 Jan 00:27 2015
Picon

NET-SNMP V5.7.3 standard version vulnerability

Dear All,

Is any outstanding vulnerability on the Standard version of NET-SNMP V5.7.3 (Not the pre-release version). It seems the v5.7.3 pre-release version is still exposed to the following vulnerability.

CVE-2014-2285 - The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows remote attackers to cause a denial of service (snmptrapd crash) via an empty community string in an SNMP trap, which triggers a NULL pointer dereference within the newSVpv function in Perl.


Would like to know if this vulnerability has been addressed on the Standard version of Net-snmp v5.7.3 or is there any bug fix release note indicate this ?

Thank you all for your great insight and advice in advance.

Regards
Patrick
 
------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Net-snmp-users mailing list
Net-snmp-users <at> lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Gilbert Gutierrez | 27 Jan 23:49 2015
Picon

snmptrapd and mysql

Host is a Centos7 box running everything from pre-compiled...
net-snmp-5.7.2-18.el7.x86_64
mariadb-server-5.5.40-2.el7_0.x86_64

Logging to rsyslog works fine but when trying to log via mysql, I get Error 2002, Can't connect to local MySQL server through socket. I have created the datatbase, net_snmp, with the tables notifications and varbinds. Can someone lead me in the correct direction in solving this?

Gilbert


snmptrapd.conf:

authCommunity   log     TrapString

# maximum number of traps to queue before forced flush
# set to 1 to immediately write to the database
sqlMaxQueue 140

# seconds between periodic queue flushes
sqlSaveInterval 9


/root/.my.cnf:
[snmptrapd]
user=root
password=somepassword
host=localhost




/var/log/messages
Jan 27 15:13:50 localhost snmptrapd[2532]: 2015-01-27 15:13:50 <UNKNOWN> [UDP: [172.16.6.12]:65534->[172.16.5.140]:162]:
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (2784535473) 322 days, 6:49:14.73      SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-SMI::enterprises.17373.4.1.32767.0.10101        SNMPv2-MIB::sysName.0 = STRING: test
Jan 27 15:13:51 localhost snmptrapd[2532]: mysql_real_connect() failed
Jan 27 15:13:51 localhost snmptrapd[2532]: Error 2002 (HY000): Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (13)
Jan 27 15:13:51 localhost snmptrapd[2532]: trap:2015-1-27 15:13:50,TrapString,8,2,1,.1.3.6.1.4.1.17373.4.1.32767.0.10101,UDP: [172.16.6.12]:65534->[172.16.5.140]:162,2,0,0,(null),(null),(null),(null)
Jan 27 15:13:51 localhost snmptrapd[2532]: varbind:.1.3.6.1.2.1.1.3.0,Timeticks: (2784535473) 322 days, 6:49:14.73
Jan 27 15:13:51 localhost snmptrapd[2532]: varbind:.1.3.6.1.6.3.1.1.4.1.0,OID: .1.3.6.1.4.1.17373.4.1.32767.0.10101
Jan 27 15:13:51 localhost snmptrapd[2532]: varbind:.1.3.6.1.2.1.1.5.0,STRING: "test"

------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Net-snmp-users mailing list
Net-snmp-users <at> lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Brian Kejser | 26 Jan 20:57 2015

SNMP traps and unknown log file

Hi

 

I’ve done the following.

 

-          Ubuntu Server 14.04.1

-          Installed snmp, snmpd and snmp-mibs-downloader

-          Downloaded and unpacked Dell MIBS to the folder /usr/share/snmp/mibs

-          Deleted the file /usr/share/mibs/ietf/IPSEC-SPD-MIB

-          Deleted the file /usr/share/mibs/ietf/IPATM-IPMC-MIB

-          Deleted the file /usr/share/mibs/iana/IANA-IPPM-METRICS-REGISTRY-MIB

-          Deleted the file /usr/share/mibs/ietf/SNMPv2-PDU

 

Edited the file /etc/default/snmp.conf

 

mibs +ALL

 

Edited the file /etc/default/snmpd

 

TRAPDRUN=yes

 

Edited the file /etc/snmp/snmptrapd.conf

 

authCommunity log,execute,net public

traphandle default /usr/sbin/snmptt

ignoreauthfailure 1

disableAuthorization yes

 

Edited the file /etc/snmp/snmptt.ini

 

date_time_format = %H:%M:%S %Y/%m/%d

log_system_enable = 1

unknown_trap_log_enable = 1

 

When a trap is received, it ends up in the unknown trap log file. I am able to use snmptranslate to translate the MIBs in the unknown trap log file. Why are all SNMP traps being treated as unknown when snmptranslate can translate them?

 

Thanks

 

 

 

 

 

------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Net-snmp-users mailing list
Net-snmp-users <at> lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Aly Khimji | 26 Jan 20:46 2015
Picon

snmptrapd TCP vs UDP for hostname

Hey All, 

Wondering if you can shed some light on an odd issue I am having.

When sending UDP traps I am able to receive and translate the host name of the sender which I can translate and process in our Nagios setup without any issues.  However when using a tcp sent trap, which is exactly the same in terms of payload, the host name either isn't received? or is not passed to snmptrapd? I am not sure. This is posing a problem for processing the trap as the host name is missing. I am aware we can do some extra processing to resolve the IP to a host name in a post processing fashion and pass it over to the trap processor, but if the host name was received this would save extra steps.  Can anyone shed some light on the below? If you need more details please let me know. 

client:
snmpinform -v 2c -c public nagios-mgmt  '' enterprises.9999.6
server:
trap: drpmbuilderu01 UDP: [10.131.223.50]:46212->[10.137.217.19] .1.3.6.1.2.1.1.3.0 = 11:21:22:50.09,....

client:
snmpinform -v 2c -c public tcp:nagios-mgmt  '' enterprises.9999.6
server:
trap: TCP: [10.131.223.50]:40748 TCP: [10.131.223.50]:40748 .1.3.6.1.2.1.1.3.0 = 11:21:22:53.51, .....


installed pkgs
net-snmp-libs-5.5-49.el6_5.1.x86_64
net-snmp-perl-5.5-49.el6_5.1.x86_64
net-snmp-utils-5.5-49.el6_5.1.x86_64
net-snmp-devel-5.5-49.el6_5.1.x86_64
net-snmp-5.5-49.el6_5.1.x86_64

cat /etc/snmp/snmptrapd.conf
authCommunity log,execute,net public
traphandle default /usr/bin/trapproc.sh

cat /etc/sysconfig/snmptrapd
OPTIONS="-t -c /etc/snmp/snmptrapd.conf -On -Lsd -p /var/run/snmptrapd.pid -m ALL udp:162 tcp:162"


Thanks, 

Aly


------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Net-snmp-users mailing list
Net-snmp-users <at> lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Pak Leung Tam | 25 Jan 00:37 2015
Picon

Net-SNMP V5.7.x 64-bits binary installation on Windows Server 2012 R2

Dear Net-SNMP Users support group,

It is our business requirement to monitor a SafeNet HSM Luna G5 device using SNMP which only support the AgentX protocol. We are going to use NET-SNMP for this important task. Also, our security team allows only the latest version of NET-SNMP (i.e. Ver 5.7.x.x) to be installed on our production environment due to the fact that it exposed to least security vulnerability.  However, our server where the HSM device are connected is a Windows server 2012 R2 64-bits host. It seems that we can only found a 32-bit version of Net-SNMP 5.7 windows binary available and when we tried to install it on our 64-bit windows 2012 box, it clearly stated that the NET-SNMP Service will not be able to start. Our question is as follows: 

1) Can anyone provide a link or location of the NET-SNMP 5.7.X 64-bit windows binary ? 

2) NET-SNMP 5.5 64-bit is available but this version is vulnerable to TWO vulnerabilities :

a) CVE-2014-3565 - when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a NULL type in an ifMtu trap message.

b) CVE-2012-6151 
when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, and hang) by causing the AgentX subagent to timeout.

It seems that the vulnerabilities updates is only applicable to Linux/Unix platform only and we would like to know where can we found the Fix Patch for windows 64-bit platform ?

Highly appreciated your kind advance in advance.

Thanks & Regards
Patrick
------------------------------------------------------------------------------
New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
GigeNET is offering a free month of service with a new server in Ashburn.
Choose from 2 high performing configs, both with 100TB of bandwidth.
Higher redundancy.Lower latency.Increased capacity.Completely compliant.
http://p.sf.net/sfu/gigenet
_______________________________________________
Net-snmp-users mailing list
Net-snmp-users <at> lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Anders Eriksson J | 22 Jan 16:37 2015
Picon

Forwarding traps to non default port

Hi, need some help.

Trying to forward traps to a non default port.
My snmptrapd.conf:
authCommunity log,net public
forward default udp:10.1.1.11:28380 public

I run (my agent sends to 28380):
snmptrapd -f -Lo udp:10.50.24.47:28380

But no traps are forwarded (nothing on my listener on 10.1.1.11:28380, 
nothing in tshark).

If I use the default port traps are forwarded.
My snmptrapd.conf:
authCommunity log,net public
forward default udp:10.1.1.11 public

Then I see the traps forwarded in tshark on port 161.

I have net-snmp-5.7.3 and run snmptrapd on Ubuntu 12.04.1.

BR/ Anders

------------------------------------------------------------------------------
New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
GigeNET is offering a free month of service with a new server in Ashburn.
Choose from 2 high performing configs, both with 100TB of bandwidth.
Higher redundancy.Lower latency.Increased capacity.Completely compliant.
http://p.sf.net/sfu/gigenet
_______________________________________________
Net-snmp-users mailing list
Net-snmp-users <at> lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Chitrang Srivastava | 22 Jan 10:20 2015
Picon

OID length

Hi,

I am new to SNMP world, and trying to set(SNMPv2c) an OID , which is of type DisplayString,

If string is huge like 1300 bytes or so , I see length in OID is encoded as 1296 (0x0510)

Byte stream I see on wire shark is like 0x04 0x82 0x05 0x10

Why is that ? Is this SNMP v2c limitation or something ASN.1 related?

Please enlighten, Thanks

NB: If I use SNMPv3 i see length comes to 1200 (decrypted packet to check)
------------------------------------------------------------------------------
New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
GigeNET is offering a free month of service with a new server in Ashburn.
Choose from 2 high performing configs, both with 100TB of bandwidth.
Higher redundancy.Lower latency.Increased capacity.Completely compliant.
http://p.sf.net/sfu/gigenet
_______________________________________________
Net-snmp-users mailing list
Net-snmp-users <at> lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
Roy Kleefman | 21 Jan 15:46 2015
Picon

Regarding a 32bit application with net-snmp running on a 64bit system

Hello all,

Let me first explain a bit about my situation:
I am working on an application (C#, developed in Visual Studio, running on linux with mono) which makes use of net-snmp. This application is 32bit, and makes use of the net-snmp .so files provided by the operating system (currently openSUSE 13.2). All the functions that it uses are declared via DllImport statements.

The application runs as a subagent and periodically sends SNMP traps regarding the application's and system health to the trapsink as configured in /etc/snmp/snmpd.conf file.

Now here's the actual issue:
When running my application on a 32bit OS, any traps generated by the application are sent fine and I have no issues. When I run the application on a 64bit OS, the application runs fine, but any attempts at sending a trap are met by an error containing the message "send_trap: no v2 trapOID varbind provided" (which seems weird as it does not throw this error when running on 32bit).

Now I've looked a bit around Google and in this mailing list if I could find anything that could resolve my issue, but I came up with nothing. The net-snmp tutorials don't mention anything about this as well, so I hope by asking here to get some more information.

Kind regards,

Roy Kleefman
------------------------------------------------------------------------------
New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
GigeNET is offering a free month of service with a new server in Ashburn.
Choose from 2 high performing configs, both with 100TB of bandwidth.
Higher redundancy.Lower latency.Increased capacity.Completely compliant.
http://p.sf.net/sfu/gigenet
_______________________________________________
Net-snmp-users mailing list
Net-snmp-users <at> lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Gmane