Page MenuHomeVyOS Platform

VyOS 1.2 Crux (VyOS 1.2.7)Milestone
ArchivedPublic

Members

  • This project does not have any members.
  • View All

Watchers

  • This project does not have any watchers.
  • View All

Recent Activity

Jul 12 2023

zoenan7 added a comment to T3835: vyos router 1.2.7 snmp Dos bug.

I did not report it to the upstream, but another vendor helped me to report it to the upstream and gave me the relevant CVE number. You can check the following link about netsnmp: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016139

Jul 12 2023, 12:41 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta

Jul 11 2023

syncer added a comment to T3835: vyos router 1.2.7 snmp Dos bug.

@zoenan7 have you managed to report to upstream?

Jul 11 2023, 1:21 PM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta

Aug 29 2022

syncer edited projects for T3835: vyos router 1.2.7 snmp Dos bug, added: VyOS 1.3 Equuleus (1.3.3); removed VyOS 1.3 Equuleus (1.3.0).
Aug 29 2022, 7:05 AM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta

Nov 6 2021

syncer edited projects for T3835: vyos router 1.2.7 snmp Dos bug, added: VyOS 1.3 Equuleus (1.3.0); removed VyOS 1.3 Equuleus.
Nov 6 2021, 11:24 AM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta

Nov 5 2021

zoenan7 added a comment to T3835: vyos router 1.2.7 snmp Dos bug.

Alternatively, can you provide the contact information of NET-SNMP's PRIST? I can also contact him for vulnerability disclosure.

Nov 5 2021, 6:43 AM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
zoenan7 added a comment to T3835: vyos router 1.2.7 snmp Dos bug.

Yes, I also believe that this crash exists in all current versions of NET-SNMP. And I also found this vulnerability in the source code of the latest version of Net-SNMP( version 5.9.1), and I compiled and installed net-SNMP on Ubuntu to duplicate this vulnerability. But I can't find the contact information of NET-SNMP. It seems that only the cooperative manufacturer can contact him. Can you negotiate with them to disclose this vulnerability?

Nov 5 2021, 6:41 AM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta

Nov 2 2021

dmbaturin added a comment to T3835: vyos router 1.2.7 snmp Dos bug.

@zoenan7 Sorry for the late reply! Yes, I got your email and could reproduce the crash using your PoC.

Nov 2 2021, 11:26 AM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta

Oct 10 2021

c-po closed T3899: Add support for hd44780 LCD displays, a subtask of T2564: Extend VyOS to support appliance LCDs, as Resolved.
Oct 10 2021, 5:08 PM · VyOS 1.2 Crux (VyOS 1.2.7)

Oct 8 2021

zoenan7 added a comment to T3835: vyos router 1.2.7 snmp Dos bug.

@dmbaturin Did you get my email? If not, please let me know and I will send it again

Oct 8 2021, 6:23 AM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta

Sep 27 2021

zoenan7 added a comment to T3835: vyos router 1.2.7 snmp Dos bug.

By the way, the SNMPD service of the router will not restart automatically. After the SNMP service is attacked, the SNMP service cannot be restored even if the device is restarted, which may be an inappropriate implementation.

Sep 27 2021, 7:45 AM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
zoenan7 added a comment to T3835: vyos router 1.2.7 snmp Dos bug.

I have a question. If you confirm the existence of the vulnerability, can you report to the NET-SNMP vendor and apply for a CVE number?

Sep 27 2021, 7:37 AM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
zoenan7 added a comment to T3835: vyos router 1.2.7 snmp Dos bug.

I have sent the POC of the vulnerability to [email protected].

Sep 27 2021, 7:35 AM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
zoenan7 added a comment to T3835: vyos router 1.2.7 snmp Dos bug.

By the way, The password of the compressed package is HGkasjgJFYL261.

Sep 27 2021, 7:28 AM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
zoenan7 added a comment to T3835: vyos router 1.2.7 snmp Dos bug.

Hello, I have found three vulnerabilities in V1.2.7, one of which can also be reproduced in V1.3, please continue to check the other versions, I will send all three POCs to your email, thank you for your work.

Sep 27 2021, 7:25 AM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta

Sep 26 2021

dmbaturin added a comment to T3835: vyos router 1.2.7 snmp Dos bug.

@zoenan7 Thanks for your research! You can send the PoC to [email protected]

Sep 26 2021, 8:30 AM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta
syncer assigned T3835: vyos router 1.2.7 snmp Dos bug to dmbaturin.
Sep 26 2021, 8:01 AM · VyOS 1.3 Equuleus (1.3.3), VyOS 1.4 Sagitta

Sep 19 2021

c-po moved T2927: isc-dhcpd release and expiry events never execute from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0-epa1) board.
Sep 19 2021, 10:35 AM · VyOS 1.3 Equuleus (1.3.0-epa1), VyOS 1.2 Crux (VyOS 1.2.7), VyOS 1.4 Sagitta
c-po added a project to T2927: isc-dhcpd release and expiry events never execute: VyOS 1.3 Equuleus (1.3.0-epa1).
Sep 19 2021, 10:35 AM · VyOS 1.3 Equuleus (1.3.0-epa1), VyOS 1.2 Crux (VyOS 1.2.7), VyOS 1.4 Sagitta

Sep 10 2021

dmbaturin removed a project from T2564: Extend VyOS to support appliance LCDs: VyOS 1.3 Equuleus.
Sep 10 2021, 2:41 PM · VyOS 1.2 Crux (VyOS 1.2.7)
dmbaturin removed a project from T2061: protocol logs not sent to remote syslog: VyOS 1.3 Equuleus.
Sep 10 2021, 2:41 PM · VyOS 1.2 Crux (VyOS 1.2.7)
dmbaturin removed a project from T3289: No description for node "service" conf-mode: VyOS 1.3 Equuleus.
Sep 10 2021, 2:41 PM · VyOS 1.2 Crux (VyOS 1.2.7), VyOS 1.4 Sagitta
dmbaturin removed a project from T2841: "monitor bandwidth-test initiate" does not accept IPv6 address as option: VyOS 1.3 Equuleus.
Sep 10 2021, 2:41 PM · VyOS 1.2 Crux (VyOS 1.2.7)
dmbaturin removed a project from T1773: Make it possible to export config to JSON: VyOS 1.3 Equuleus.
Sep 10 2021, 2:41 PM · VyOS 1.2 Crux (VyOS 1.2.7)
dmbaturin removed a project from T3292: RIPng: access-lists/prefix-list reference IPv4 and not IPv6 lists during verification: VyOS 1.3 Equuleus.
Sep 10 2021, 2:41 PM · VyOS 1.2 Crux (VyOS 1.2.7)
dmbaturin removed a project from T2310: vyos-cloud-init use global config to configure pass and ssh login: VyOS 1.3 Equuleus.
Sep 10 2021, 2:40 PM · VyOS 1.2 Crux (VyOS 1.2.7)
dmbaturin removed a project from T1774: Add a show config operation to the HTTP API: VyOS 1.3 Equuleus.
Sep 10 2021, 2:40 PM · VyOS 1.2 Crux (VyOS 1.2.7)
dmbaturin removed a project from T1957: PPPoE server: maintenance mode: VyOS 1.3 Equuleus.
Sep 10 2021, 2:40 PM · VyOS 1.2 Crux (VyOS 1.2.7)
dmbaturin removed a project from T2521: Need to restart pdns-recursor to check new entries in /etc/hosts: VyOS 1.3 Equuleus.
Sep 10 2021, 2:40 PM · VyOS 1.2 Crux (VyOS 1.2.7)
dmbaturin removed a project from T2927: isc-dhcpd release and expiry events never execute: VyOS 1.3 Equuleus.
Sep 10 2021, 2:40 PM · VyOS 1.3 Equuleus (1.3.0-epa1), VyOS 1.2 Crux (VyOS 1.2.7), VyOS 1.4 Sagitta
dmbaturin removed a project from T2972: PPPoE server rate limiter allows max 65535 kbps to be set: VyOS 1.3 Equuleus.
Sep 10 2021, 2:40 PM · VyOS 1.2 Crux (VyOS 1.2.7)
dmbaturin removed a project from T3035: Allow IPv4 over IPv6 IPsec and vice versa: VyOS 1.3 Equuleus.
Sep 10 2021, 2:40 PM · VyOS 1.2 Crux (VyOS 1.2.7)
dmbaturin removed a project from T2973: tftp-server cannot listen on IPv6 address: VyOS 1.3 Equuleus.
Sep 10 2021, 2:40 PM · VyOS 1.2 Crux (VyOS 1.2.7)
dmbaturin removed a project from T3304: No way to use ipv4 address as next-hop in route-map: VyOS 1.3 Equuleus.
Sep 10 2021, 2:40 PM · VyOS 1.4 Sagitta, VyOS 1.2 Crux (VyOS 1.2.7)
dmbaturin removed a project from T3175: Dynamic DNS validations don't reflect supported protocols in ddclient: VyOS 1.3 Equuleus.
Sep 10 2021, 2:40 PM · VyOS 1.2 Crux (VyOS 1.2.7)
dmbaturin removed a project from T3237: DHCP Server Static-Mapping Validation Error: VyOS 1.3 Equuleus.
Sep 10 2021, 2:40 PM · VyOS 1.2 Crux (VyOS 1.2.7)
dmbaturin removed a project from T3265: RPKI: Cache-peer SSH connection misses public key portion: VyOS 1.3 Equuleus.
Sep 10 2021, 2:40 PM · VyOS 1.2 Crux (VyOS 1.2.7)
dmbaturin removed a project from T3037: Bgp afi ipv6-unicast capability dynamic bug: VyOS 1.3 Equuleus.
Sep 10 2021, 2:39 PM · VyOS 1.2 Crux (VyOS 1.2.7)
dmbaturin removed a project from T2647: ipsec disableuniqreqids generate a wrong ipsec.conf: VyOS 1.3 Equuleus.
Sep 10 2021, 2:39 PM · VyOS 1.2 Crux (VyOS 1.2.7)
dmbaturin removed a project from T2932: The second QAT device does not start: VyOS 1.3 Equuleus.
Sep 10 2021, 2:39 PM · VyOS 1.2 Crux (VyOS 1.2.7)
dmbaturin removed a project from T2878: LACP / bonding: new op-mode command: show interfaces bonding bond0 detail: VyOS 1.3 Equuleus.
Sep 10 2021, 2:39 PM · VyOS 1.2 Crux (VyOS 1.2.7)
dmbaturin removed a project from T2891: Support to change ring-buffers from CLI: VyOS 1.3 Equuleus.
Sep 10 2021, 2:39 PM · Restricted Project, VyOS 1.2 Crux (VyOS 1.2.7)
dmbaturin removed a project from T2902: "add system image" fails when appending XX to image name: VyOS 1.3 Equuleus.
Sep 10 2021, 2:39 PM · VyOS 1.2 Crux (VyOS 1.2.7)
dmbaturin removed a project from T2984: (igb, ixgbe) HW queues applied only for the first 2 interfaces : VyOS 1.3 Equuleus.
Sep 10 2021, 2:39 PM · VyOS 1.2 Crux (VyOS 1.2.7)
dmbaturin removed a project from T3016: dhcp-server: use better constraint error message on invalid subnet: VyOS 1.3 Equuleus.
Sep 10 2021, 2:39 PM · VyOS 1.2 Crux (VyOS 1.2.7)
dmbaturin removed a project from T3085: IPv6 BGP Neighbor Weight: VyOS 1.3 Equuleus.
Sep 10 2021, 2:39 PM · VyOS 1.2 Crux (VyOS 1.2.7)
dmbaturin removed a project from T3126: unsuppress-map doesn't work for BGP IPv4: VyOS 1.3 Equuleus.
Sep 10 2021, 2:39 PM · VyOS 1.2 Crux (VyOS 1.2.7)
dmbaturin removed a project from T3094: Can not specify multiple deny ports in FW rule: VyOS 1.3 Equuleus.
Sep 10 2021, 2:39 PM · VyOS 1.2 Crux (VyOS 1.2.7)
dmbaturin removed a project from T3152: wan-load-balance does not show connections: VyOS 1.3 Equuleus.
Sep 10 2021, 2:39 PM · VyOS 1.2 Crux (VyOS 1.2.7)
dmbaturin removed a project from T3246: OSPFv3 router ID not configured in FRR: VyOS 1.3 Equuleus.
Sep 10 2021, 2:39 PM · VyOS 1.2 Crux (VyOS 1.2.7)
dmbaturin removed a project from T3194: OSPF redistribution metric issue: VyOS 1.3 Equuleus.
Sep 10 2021, 2:39 PM · VyOS 1.2 Crux (VyOS 1.2.7)