2018-10-22 04:17 UTC

View Issue Details Jump to Notes ]
IDProjectCategoryView StatusLast Update
0004655Kali Linux[All Projects] Tool Upgradepublic2018-08-23 12:01
Reporterg0tmi1k 
Assigned To 
PrioritynormalSeverityminorReproducibilityhave not tried
StatusnewResolutionopen 
Product Version 
Target VersionFixed in Version 
Summary0004655: [Debian Package] Update snmpcheck (not snmp-check) [isn't working with snmpwalk]
Descriptionsnmpcheck isn't working.
Looks like its not talking to snmpwalk correctly

```
root@kali:~# snmpcheck -x -H -y -f <REMOVED>
test: <REMOVED>
suff: <REMOVED>
test: <REMOVED>
suff: <REMOVED>
test: <REMOVED>
suff: <REMOVED>
test: <REMOVED>
suff: <REMOVED>
test: <REMOVED>
suff: <REMOVED>
test: <REMOVED>
suff:
No community name specified.cesses
USAGE: snmpwalk [OPTIONS] AGENT [OID]

  Version: 5.7.3
  Web: http://www.net-snmp.org/
  Email: net-snmp-coders@lists.sourceforge.net

OPTIONS:
  -h, --help display this help message
  -H display configuration file directives understood
  -v 1|2c|3 specifies SNMP version to use
  -V, --version display package version number
SNMP Version 1 or 2c specific
  -c COMMUNITY set the community string
SNMP Version 3 specific
  -a PROTOCOL set authentication protocol (MD5|SHA)
  -A PASSPHRASE set authentication protocol pass phrase
  -e ENGINE-ID set security engine ID (e.g. 800000020109840301)
  -E ENGINE-ID set context engine ID (e.g. 800000020109840301)
  -l LEVEL set security level (noAuthNoPriv|authNoPriv|authPriv)
  -n CONTEXT set context name (e.g. bridge1)
  -u USER-NAME set security name (e.g. bert)
  -x PROTOCOL set privacy protocol (DES|AES)
  -X PASSPHRASE set privacy protocol pass phrase
  -Z BOOTS,TIME set destination engine boots/time
General communication options
  -r RETRIES set the number of retries
  -t TIMEOUT set the request timeout (in seconds)
Debugging
  -d dump input/output packets in hexadecimal
  -D[TOKEN[,...]] turn on debugging output for the specified TOKENs
               (ALL gives extremely verbose debugging output)
General options
  -m MIB[:...] load given list of MIBs (ALL loads everything)
  -M DIR[:...] look in given list of directories for MIBs
    (default: /root/.snmp/mibs:/usr/share/snmp/mibs:/usr/share/snmp/mibs/iana:/usr/share/snmp/mibs/ietf:/usr/share/mibs/site:/usr/share/snmp/mibs:/usr/share/mibs/iana:/usr/share/mibs/ietf:/usr/share/mibs/netsnmp)
  -P MIBOPTS Toggle various defaults controlling MIB parsing:
              u: allow the use of underlines in MIB symbols
              c: disallow the use of "--" to terminate comments
              d: save the DESCRIPTIONs of the MIB objects
              e: disable errors when MIB symbols conflict
              w: enable warnings when MIB symbols conflict
              W: enable detailed warnings when MIB symbols conflict
              R: replace MIB symbols from latest module
  -O OUTOPTS Toggle various defaults controlling output display:
              0: print leading 0 for single-digit hex characters
              a: print all strings in ascii format
              b: do not break OID indexes down
              e: print enums numerically
              E: escape quotes in string indices
              f: print full OIDs on output
              n: print OIDs numerically
              q: quick print for easier parsing
              Q: quick print with equal-signs
              s: print only last symbolic element of OID
              S: print MIB module-id plus last element
              t: print timeticks unparsed as numeric integers
              T: print human-readable text along with hex strings
              u: print OIDs using UCD-style prefix suppression
              U: don't print units
              v: print values only (not OID = value)
              x: print all strings in hex format
              X: extended index format
  -I INOPTS Toggle various defaults controlling input parsing:
              b: do best/regex matching to find a MIB node
              h: don't apply DISPLAY-HINTs
              r: do not check values for range/type legality
              R: do random access to OID labels
              u: top-level OIDs must have '.' prefix (UCD-style)
              s SUFFIX: Append all textual OIDs with SUFFIX before parsing
              S PREFIX: Prepend all textual OIDs with PREFIX before parsing
  -L LOGOPTS Toggle various defaults controlling logging:
              e: log to standard error
              o: log to standard output
              n: don't log at all
              f file: log to the specified file
              s facility: log to syslog (via the specified facility)

              (variants)
              [EON] pri: log to standard error, output or /dev/null for level 'pri' and above
              [EON] p1-p2: log to standard error, output or /dev/null for levels 'p1' to 'p2'
              [FS] pri token: log to file/syslog for level 'pri' and above
              [FS] p1-p2 token: log to file/syslog for levels 'p1' to 'p2'
  -C APPOPTS Set various application specific behaviours:
              p: print the number of variables found
              i: include given OID in the search range
              I: don't include the given OID, even if no results are returned
              c: do not check returned OIDs are increasing
              t: Display wall-clock time to complete the walk
              T: Display wall-clock time to complete each request
              E {OID}: End the walk at the specified OID
No community name specified.ipts
USAGE: snmpwalk [OPTIONS] AGENT [OID]

  Version: 5.7.3
  Web: http://www.net-snmp.org/
  Email: net-snmp-coders@lists.sourceforge.net

OPTIONS:
  -h, --help display this help message
  -H display configuration file directives understood
  -v 1|2c|3 specifies SNMP version to use
  -V, --version display package version number
SNMP Version 1 or 2c specific
  -c COMMUNITY set the community string
SNMP Version 3 specific
  -a PROTOCOL set authentication protocol (MD5|SHA)
  -A PASSPHRASE set authentication protocol pass phrase
  -e ENGINE-ID set security engine ID (e.g. 800000020109840301)
  -E ENGINE-ID set context engine ID (e.g. 800000020109840301)
  -l LEVEL set security level (noAuthNoPriv|authNoPriv|authPriv)
  -n CONTEXT set context name (e.g. bridge1)
  -u USER-NAME set security name (e.g. bert)
  -x PROTOCOL set privacy protocol (DES|AES)
  -X PASSPHRASE set privacy protocol pass phrase
  -Z BOOTS,TIME set destination engine boots/time
General communication options
  -r RETRIES set the number of retries
  -t TIMEOUT set the request timeout (in seconds)
Debugging
  -d dump input/output packets in hexadecimal
  -D[TOKEN[,...]] turn on debugging output for the specified TOKENs
               (ALL gives extremely verbose debugging output)
General options
  -m MIB[:...] load given list of MIBs (ALL loads everything)
  -M DIR[:...] look in given list of directories for MIBs
    (default: /root/.snmp/mibs:/usr/share/snmp/mibs:/usr/share/snmp/mibs/iana:/usr/share/snmp/mibs/ietf:/usr/share/mibs/site:/usr/share/snmp/mibs:/usr/share/mibs/iana:/usr/share/mibs/ietf:/usr/share/mibs/netsnmp)
  -P MIBOPTS Toggle various defaults controlling MIB parsing:
              u: allow the use of underlines in MIB symbols
              c: disallow the use of "--" to terminate comments
              d: save the DESCRIPTIONs of the MIB objects
              e: disable errors when MIB symbols conflict
              w: enable warnings when MIB symbols conflict
              W: enable detailed warnings when MIB symbols conflict
              R: replace MIB symbols from latest module
  -O OUTOPTS Toggle various defaults controlling output display:
              0: print leading 0 for single-digit hex characters
              a: print all strings in ascii format
              b: do not break OID indexes down
              e: print enums numerically
              E: escape quotes in string indices
              f: print full OIDs on output
              n: print OIDs numerically
              q: quick print for easier parsing
              Q: quick print with equal-signs
              s: print only last symbolic element of OID
              S: print MIB module-id plus last element
              t: print timeticks unparsed as numeric integers
              T: print human-readable text along with hex strings
              u: print OIDs using UCD-style prefix suppression
              U: don't print units
              v: print values only (not OID = value)
              x: print all strings in hex format
              X: extended index format
  -I INOPTS Toggle various defaults controlling input parsing:
              b: do best/regex matching to find a MIB node
              h: don't apply DISPLAY-HINTs
              r: do not check values for range/type legality
              R: do random access to OID labels
              u: top-level OIDs must have '.' prefix (UCD-style)
              s SUFFIX: Append all textual OIDs with SUFFIX before parsing
              S PREFIX: Prepend all textual OIDs with PREFIX before parsing
  -L LOGOPTS Toggle various defaults controlling logging:
              e: log to standard error
              o: log to standard output
              n: don't log at all
              f file: log to the specified file
              s facility: log to syslog (via the specified facility)

              (variants)
              [EON] pri: log to standard error, output or /dev/null for level 'pri' and above
              [EON] p1-p2: log to standard error, output or /dev/null for levels 'p1' to 'p2'
              [FS] pri token: log to file/syslog for level 'pri' and above
              [FS] p1-p2 token: log to file/syslog for levels 'p1' to 'p2'
  -C APPOPTS Set various application specific behaviours:
              p: print the number of variables found
              i: include given OID in the search range
              I: don't include the given OID, even if no results are returned
              c: do not check returned OIDs are increasing
              t: Display wall-clock time to complete the walk
              T: Display wall-clock time to complete each request
              E {OID}: End the walk at the specified OID
root@kali:~#
```
Steps To ReproduceI didn't use the GUI at all, just cli.

Works: snmp-check <REMOVED> -c public
Doesn't work:
- snmpcheck <REMOVED>
- snmpcheck -H <REMOVED>
- snmpcheck -x <REMOVED>
- snmpcheck -x -H -y -f <REMOVED>


Additional Informationsnmpcheck != snmp-check
Two different things and snmp-check works!


```
Upstream Debian bug report: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898197
Upstream package bug report: https://sourceforge.net/p/net-snmp/bugs/2877/
````
Attached Files

-Relationships
+Relationships

-Notes

~0008983

rhertzog (administrator)

"snmpcheck" without any dash is part of net-snmp and is provided by the Debian package "snmp".

"snmp-check" is part of Kali's snmp-check package and is a different thing as you said.

Since you report a bug in "snmpcheck", it would be nice to report this bug to the upstream developers. I can't find any similar bug report currently:
Neither upstream: https://sourceforge.net/p/net-snmp/bugs/search/?q=snmpcheck
Nor in Debian: https://bugs.debian.org/cgi-bin/pkgreport.cgi?archive=0;dist=unstable;ordering=normal;repeatmerged=0;src=net-snmp

Can you take care of filing a bug report to upstream ?

Can you explain how to reproduce ? (<REMOVED> does not help to reproduce, and don't assume we have any snmp capable device around, we should install an snmpd in the process too)

Also this is just a perl script, there are two calls to snmpwalk. If you add "-V 6" then you will see the command lines used with "snmpwalk" and you will be able to see what's wrong in the call. And you might be able to provide a fix too...

~0009146

g0tmi1k (administrator)

Sent bug report upstream

"<REMOVED>" was done on a live target.

Now installed snmpd

```
$ sudo apt -y install snmpd
Reading package lists... Done
Building dependency tree
Reading state information... Done
snmpd is already the newest version (5.7.3+dfsg-1.8).
The following packages were automatically installed and are no longer required:
  geoclue-2.0 libqt5positioning5 libqt5qml5 libqt5quick5 libqt5sensors5 libqt5webchannel5 libqt5webkit5
Use 'sudo apt autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 2 not upgraded.
g0tmi1k@kali-dev:~$
g0tmi1k@kali-dev:~$ sudo systemctl start snmpd
g0tmi1k@kali-dev:~$
g0tmi1k@kali-dev:~$ snmpcheck -x -H -y -f 127.0.0.1
test: .1.3.6.1.4.1.2021.2.1
suff: .2.1
test: .1.3.6.1.4.1.2021.4
suff:
test: .1.3.6.1.4.1.2021.8.1
suff: .8.1
test: .1.3.6.1.4.1.2021.9.1
suff: .9.1
test: .1.3.6.1.4.1.2021.10.1
suff: .10.1
test: .1.3.6.1.4.1.2021.101
suff:
No community name specified.s
USAGE: snmpwalk [OPTIONS] AGENT [OID]

  Version: 5.7.3
...SNIP...
              E {OID}: End the walk at the specified OID
No community name specified.
USAGE: snmpwalk [OPTIONS] AGENT [OID]

  Version: 5.7.3
...SNIP...
              E {OID}: End the walk at the specified OID
$
```

What I believe to be the fix:

```
$ git diff
diff --git a/snmpcheck b/snmpcheck
index a69e640..2df103f 100755
--- a/snmpcheck
+++ b/snmpcheck
@@ -27,8 +27,8 @@ $mibupdateconfig="$mibheadall.100.VERUPDATECONFIG";
                 '.10.1' => 1,
                 '.101' => 1);
 $errlog="/net/tyfon/1/OV/log/ece-log";
-$default_get_args = "-v 1 %s private";
-$default_set_args = "-v 1 %s private";
+$default_get_args = "-v 1 -c private %s ";
+$default_set_args = "-v 1 -c private %s ";
 $andlog=0;
 $snmppath="/usr/bin";
 $eraseline=" \r";
$

```

~0009147

g0tmi1k (administrator)

Last edited: 2018-08-06 15:47

View 2 revisions

Upstream Debian bug report: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898197

Upstream package bug report: https://sourceforge.net/p/net-snmp/bugs/2877/

~0009432

g0tmi1k (administrator)

Looks like Debian has addressed this issue in `net-snmp 5.7.3+dfsg-4` ~ https://salsa.debian.org/debian/net-snmp/commit/c481ce2247050b064192be10e67686637aa2ea58

`Date: Fri, 20 Jul 2018 10:47:32 +0000` ~ https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898197

~0009509

g0tmi1k (administrator)

Issue is in Debian's hands now.
+Notes

-Issue History
Date Modified Username Field Change
2018-03-27 09:02 g0tmi1k New Issue
2018-04-02 20:37 rhertzog Note Added: 0008983
2018-04-02 20:40 rhertzog Assigned To => rhertzog
2018-04-02 20:40 rhertzog Status new => feedback
2018-04-10 11:40 g0tmi1k Assigned To rhertzog => g0tmi1k
2018-05-08 15:55 g0tmi1k Note Added: 0009146
2018-05-08 16:01 g0tmi1k Note Added: 0009147
2018-08-06 14:05 g0tmi1k Steps to Reproduce Updated View Revisions
2018-08-06 15:47 g0tmi1k Note Edited: 0009147 View Revisions
2018-08-06 15:47 g0tmi1k Note Added: 0009430
2018-08-06 15:48 g0tmi1k Additional Information Updated View Revisions
2018-08-06 16:30 g0tmi1k Note Deleted: 0009430
2018-08-06 16:31 g0tmi1k Note Added: 0009432
2018-08-23 08:59 g0tmi1k Assigned To g0tmi1k =>
2018-08-23 08:59 g0tmi1k Status feedback => new
2018-08-23 08:59 g0tmi1k Resolution open => no change required
2018-08-23 08:59 g0tmi1k Note Added: 0009509
2018-08-23 09:44 g0tmi1k Resolution no change required => open
2018-08-23 09:44 g0tmi1k Category Kali Package Bug => Tool Upgrade
2018-08-23 12:01 g0tmi1k Summary snmpcheck (not snmp-check) isn't working with snmpwalk => [Debian Package] Update snmpcheck (not snmp-check) [isn't working with snmpwalk]
+Issue History