View Issue Details

IDProjectCategoryView StatusLast Update
0004655Kali LinuxTool Upgrade Requestpublic2021-06-23 20:42
Reporterg0tmi1k Assigned Tosteev  
PrioritynormalSeverityminorReproducibilityhave not tried
Status resolvedResolutionfixed 
Summary0004655: [Debian Package] Update snmpcheck (not snmp-check) [isn't working with snmpwalk]
Description

snmpcheck isn't working.
Looks like its not talking to snmpwalk correctly

root@kali:~# snmpcheck -x -H -y -f <REMOVED>
test: <REMOVED>
suff: <REMOVED>
test: <REMOVED>
suff: <REMOVED>
test: <REMOVED>
suff: <REMOVED>
test: <REMOVED>
suff: <REMOVED>
test: <REMOVED>
suff: <REMOVED>
test: <REMOVED>
suff: 
No community name specified.cesses                                         
USAGE: snmpwalk [OPTIONS] AGENT [OID]

  Version:  5.7.3
  Web:      http://www.net-snmp.org/
  Email:    [email protected]

OPTIONS:
  -h, --help        display this help message
  -H            display configuration file directives understood
  -v 1|2c|3     specifies SNMP version to use
  -V, --version     display package version number
SNMP Version 1 or 2c specific
  -c COMMUNITY      set the community string
SNMP Version 3 specific
  -a PROTOCOL       set authentication protocol (MD5|SHA)
  -A PASSPHRASE     set authentication protocol pass phrase
  -e ENGINE-ID      set security engine ID (e.g. 800000020109840301)
  -E ENGINE-ID      set context engine ID (e.g. 800000020109840301)
  -l LEVEL      set security level (noAuthNoPriv|authNoPriv|authPriv)
  -n CONTEXT        set context name (e.g. bridge1)
  -u USER-NAME      set security name (e.g. bert)
  -x PROTOCOL       set privacy protocol (DES|AES)
  -X PASSPHRASE     set privacy protocol pass phrase
  -Z BOOTS,TIME     set destination engine boots/time
General communication options
  -r RETRIES        set the number of retries
  -t TIMEOUT        set the request timeout (in seconds)
Debugging
  -d            dump input/output packets in hexadecimal
  -D[TOKEN[,...]]   turn on debugging output for the specified TOKENs
               (ALL gives extremely verbose debugging output)
General options
  -m MIB[:...]      load given list of MIBs (ALL loads everything)
  -M DIR[:...]      look in given list of directories for MIBs
    (default: /root/.snmp/mibs:/usr/share/snmp/mibs:/usr/share/snmp/mibs/iana:/usr/share/snmp/mibs/ietf:/usr/share/mibs/site:/usr/share/snmp/mibs:/usr/share/mibs/iana:/usr/share/mibs/ietf:/usr/share/mibs/netsnmp)
  -P MIBOPTS        Toggle various defaults controlling MIB parsing:
              u:  allow the use of underlines in MIB symbols
              c:  disallow the use of "--" to terminate comments
              d:  save the DESCRIPTIONs of the MIB objects
              e:  disable errors when MIB symbols conflict
              w:  enable warnings when MIB symbols conflict
              W:  enable detailed warnings when MIB symbols conflict
              R:  replace MIB symbols from latest module
  -O OUTOPTS        Toggle various defaults controlling output display:
              0:  print leading 0 for single-digit hex characters
              a:  print all strings in ascii format
              b:  do not break OID indexes down
              e:  print enums numerically
              E:  escape quotes in string indices
              f:  print full OIDs on output
              n:  print OIDs numerically
              q:  quick print for easier parsing
              Q:  quick print with equal-signs
              s:  print only last symbolic element of OID
              S:  print MIB module-id plus last element
              t:  print timeticks unparsed as numeric integers
              T:  print human-readable text along with hex strings
              u:  print OIDs using UCD-style prefix suppression
              U:  don't print units
              v:  print values only (not OID = value)
              x:  print all strings in hex format
              X:  extended index format
  -I INOPTS     Toggle various defaults controlling input parsing:
              b:  do best/regex matching to find a MIB node
              h:  don't apply DISPLAY-HINTs
              r:  do not check values for range/type legality
              R:  do random access to OID labels
              u:  top-level OIDs must have '.' prefix (UCD-style)
              s SUFFIX:  Append all textual OIDs with SUFFIX before parsing
              S PREFIX:  Prepend all textual OIDs with PREFIX before parsing
  -L LOGOPTS        Toggle various defaults controlling logging:
              e:           log to standard error
              o:           log to standard output
              n:           don't log at all
              f file:      log to the specified file
              s facility:  log to syslog (via the specified facility)

              (variants)
              [EON] pri:   log to standard error, output or /dev/null for level 'pri' and above
              [EON] p1-p2: log to standard error, output or /dev/null for levels 'p1' to 'p2'
              [FS] pri token:    log to file/syslog for level 'pri' and above
              [FS] p1-p2 token:  log to file/syslog for levels 'p1' to 'p2'
  -C APPOPTS        Set various application specific behaviours:
              p:  print the number of variables found
              i:  include given OID in the search range
              I:  don't include the given OID, even if no results are returned
              c:  do not check returned OIDs are increasing
              t:  Display wall-clock time to complete the walk
              T:  Display wall-clock time to complete each request
              E {OID}:  End the walk at the specified OID
No community name specified.ipts                                           
USAGE: snmpwalk [OPTIONS] AGENT [OID]

  Version:  5.7.3
  Web:      http://www.net-snmp.org/
  Email:    [email protected]

OPTIONS:
  -h, --help        display this help message
  -H            display configuration file directives understood
  -v 1|2c|3     specifies SNMP version to use
  -V, --version     display package version number
SNMP Version 1 or 2c specific
  -c COMMUNITY      set the community string
SNMP Version 3 specific
  -a PROTOCOL       set authentication protocol (MD5|SHA)
  -A PASSPHRASE     set authentication protocol pass phrase
  -e ENGINE-ID      set security engine ID (e.g. 800000020109840301)
  -E ENGINE-ID      set context engine ID (e.g. 800000020109840301)
  -l LEVEL      set security level (noAuthNoPriv|authNoPriv|authPriv)
  -n CONTEXT        set context name (e.g. bridge1)
  -u USER-NAME      set security name (e.g. bert)
  -x PROTOCOL       set privacy protocol (DES|AES)
  -X PASSPHRASE     set privacy protocol pass phrase
  -Z BOOTS,TIME     set destination engine boots/time
General communication options
  -r RETRIES        set the number of retries
  -t TIMEOUT        set the request timeout (in seconds)
Debugging
  -d            dump input/output packets in hexadecimal
  -D[TOKEN[,...]]   turn on debugging output for the specified TOKENs
               (ALL gives extremely verbose debugging output)
General options
  -m MIB[:...]      load given list of MIBs (ALL loads everything)
  -M DIR[:...]      look in given list of directories for MIBs
    (default: /root/.snmp/mibs:/usr/share/snmp/mibs:/usr/share/snmp/mibs/iana:/usr/share/snmp/mibs/ietf:/usr/share/mibs/site:/usr/share/snmp/mibs:/usr/share/mibs/iana:/usr/share/mibs/ietf:/usr/share/mibs/netsnmp)
  -P MIBOPTS        Toggle various defaults controlling MIB parsing:
              u:  allow the use of underlines in MIB symbols
              c:  disallow the use of "--" to terminate comments
              d:  save the DESCRIPTIONs of the MIB objects
              e:  disable errors when MIB symbols conflict
              w:  enable warnings when MIB symbols conflict
              W:  enable detailed warnings when MIB symbols conflict
              R:  replace MIB symbols from latest module
  -O OUTOPTS        Toggle various defaults controlling output display:
              0:  print leading 0 for single-digit hex characters
              a:  print all strings in ascii format
              b:  do not break OID indexes down
              e:  print enums numerically
              E:  escape quotes in string indices
              f:  print full OIDs on output
              n:  print OIDs numerically
              q:  quick print for easier parsing
              Q:  quick print with equal-signs
              s:  print only last symbolic element of OID
              S:  print MIB module-id plus last element
              t:  print timeticks unparsed as numeric integers
              T:  print human-readable text along with hex strings
              u:  print OIDs using UCD-style prefix suppression
              U:  don't print units
              v:  print values only (not OID = value)
              x:  print all strings in hex format
              X:  extended index format
  -I INOPTS     Toggle various defaults controlling input parsing:
              b:  do best/regex matching to find a MIB node
              h:  don't apply DISPLAY-HINTs
              r:  do not check values for range/type legality
              R:  do random access to OID labels
              u:  top-level OIDs must have '.' prefix (UCD-style)
              s SUFFIX:  Append all textual OIDs with SUFFIX before parsing
              S PREFIX:  Prepend all textual OIDs with PREFIX before parsing
  -L LOGOPTS        Toggle various defaults controlling logging:
              e:           log to standard error
              o:           log to standard output
              n:           don't log at all
              f file:      log to the specified file
              s facility:  log to syslog (via the specified facility)

              (variants)
              [EON] pri:   log to standard error, output or /dev/null for level 'pri' and above
              [EON] p1-p2: log to standard error, output or /dev/null for levels 'p1' to 'p2'
              [FS] pri token:    log to file/syslog for level 'pri' and above
              [FS] p1-p2 token:  log to file/syslog for levels 'p1' to 'p2'
  -C APPOPTS        Set various application specific behaviours:
              p:  print the number of variables found
              i:  include given OID in the search range
              I:  don't include the given OID, even if no results are returned
              c:  do not check returned OIDs are increasing
              t:  Display wall-clock time to complete the walk
              T:  Display wall-clock time to complete each request
              E {OID}:  End the walk at the specified OID
root@kali:~# 
Steps To Reproduce

I didn't use the GUI at all, just cli.

Works: snmp-check <REMOVED> -c public
Doesn't work:

  • snmpcheck <REMOVED>
  • snmpcheck -H <REMOVED>
  • snmpcheck -x <REMOVED>
  • snmpcheck -x -H -y -f <REMOVED>
Additional Information

snmpcheck != snmp-check
Two different things and snmp-check works!

Upstream Debian bug report: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898197
Upstream package bug report: https://sourceforge.net/p/net-snmp/bugs/2877/

Activities

rhertzog

rhertzog

2018-04-02 20:37

administrator   ~0008983

"snmpcheck" without any dash is part of net-snmp and is provided by the Debian package "snmp".

"snmp-check" is part of Kali's snmp-check package and is a different thing as you said.

Since you report a bug in "snmpcheck", it would be nice to report this bug to the upstream developers. I can't find any similar bug report currently:
Neither upstream: https://sourceforge.net/p/net-snmp/bugs/search/?q=snmpcheck
Nor in Debian: https://bugs.debian.org/cgi-bin/pkgreport.cgi?archive=0;dist=unstable;ordering=normal;repeatmerged=0;src=net-snmp

Can you take care of filing a bug report to upstream ?

Can you explain how to reproduce ? (<REMOVED> does not help to reproduce, and don't assume we have any snmp capable device around, we should install an snmpd in the process too)

Also this is just a perl script, there are two calls to snmpwalk. If you add "-V 6" then you will see the command lines used with "snmpwalk" and you will be able to see what's wrong in the call. And you might be able to provide a fix too...

g0tmi1k

g0tmi1k

2018-05-08 15:55

administrator   ~0009146

Sent bug report upstream

"<REMOVED>" was done on a live target.

Now installed snmpd

$ sudo apt -y install snmpd
Reading package lists... Done
Building dependency tree       
Reading state information... Done
snmpd is already the newest version (5.7.3+dfsg-1.8).
The following packages were automatically installed and are no longer required:
  geoclue-2.0 libqt5positioning5 libqt5qml5 libqt5quick5 libqt5sensors5 libqt5webchannel5 libqt5webkit5
Use 'sudo apt autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 2 not upgraded.
g0tmi1k@kali-dev:~$
g0tmi1k@kali-dev:~$ sudo systemctl start snmpd
g0tmi1k@kali-dev:~$ 
g0tmi1k@kali-dev:~$ snmpcheck  -x -H -y -f 127.0.0.1
test: .1.3.6.1.4.1.2021.2.1
suff: .2.1
test: .1.3.6.1.4.1.2021.4
suff: 
test: .1.3.6.1.4.1.2021.8.1
suff: .8.1
test: .1.3.6.1.4.1.2021.9.1
suff: .9.1
test: .1.3.6.1.4.1.2021.10.1
suff: .10.1
test: .1.3.6.1.4.1.2021.101
suff: 
No community name specified.s                                              
USAGE: snmpwalk [OPTIONS] AGENT [OID]

  Version:  5.7.3
...SNIP...
              E {OID}:  End the walk at the specified OID
No community name specified.                                               
USAGE: snmpwalk [OPTIONS] AGENT [OID]

  Version:  5.7.3
...SNIP...
              E {OID}:  End the walk at the specified OID
$

What I believe to be the fix:

$ git diff
diff --git a/snmpcheck b/snmpcheck
index a69e640..2df103f 100755
--- a/snmpcheck
+++ b/snmpcheck
@@ -27,8 +27,8 @@ $mibupdateconfig=&quot;$mibheadall.100.VERUPDATECONFIG&quot;;
                 '.10.1' => 1,
                 '.101' => 1);
 $errlog=&quot;/net/tyfon/1/OV/log/ece-log&quot;;
-$default_get_args = &quot;-v 1 %s private&quot;;
-$default_set_args = &quot;-v 1 %s private&quot;;
+$default_get_args = &quot;-v 1 -c private %s &quot;;
+$default_set_args = &quot;-v 1 -c private %s &quot;;
 $andlog=0;
 $snmppath=&quot;/usr/bin&quot;;
 $eraseline=&quot;                                                                           \r&quot;;
$ 
g0tmi1k

g0tmi1k

2018-05-08 16:01

administrator   ~0009147

Last edited: 2018-08-06 15:47

Upstream Debian bug report: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898197

Upstream package bug report: https://sourceforge.net/p/net-snmp/bugs/2877/

g0tmi1k

g0tmi1k

2018-08-06 16:31

administrator   ~0009432

Looks like Debian has addressed this issue in net-snmp 5.7.3+dfsg-4 ~ https://salsa.debian.org/debian/net-snmp/commit/c481ce2247050b064192be10e67686637aa2ea58

Date: Fri, 20 Jul 2018 10:47:32 +0000 ~ https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898197

g0tmi1k

g0tmi1k

2018-08-23 08:59

administrator   ~0009509

Issue is in Debian's hands now.

steev

steev

2021-06-23 20:42

manager   ~0014798

This issue should be fixed as we have > 5.7.3+dfsg-4 in Kali. Please feel free to re-open the issue if you're still experiencing problems with the package!

Issue History

Date Modified Username Field Change
2018-03-27 09:02 g0tmi1k New Issue
2018-04-02 20:37 rhertzog Note Added: 0008983
2018-04-02 20:40 rhertzog Assigned To => rhertzog
2018-04-02 20:40 rhertzog Status new => feedback
2018-04-10 11:40 g0tmi1k Assigned To rhertzog => g0tmi1k
2018-05-08 15:55 g0tmi1k Note Added: 0009146
2018-05-08 16:01 g0tmi1k Note Added: 0009147
2018-08-06 14:05 g0tmi1k Steps to Reproduce Updated
2018-08-06 15:47 g0tmi1k Note Edited: 0009147
2018-08-06 15:48 g0tmi1k Additional Information Updated
2018-08-06 16:31 g0tmi1k Note Added: 0009432
2018-08-23 08:59 g0tmi1k Assigned To g0tmi1k =>
2018-08-23 08:59 g0tmi1k Status feedback => new
2018-08-23 08:59 g0tmi1k Resolution open => no change required
2018-08-23 08:59 g0tmi1k Note Added: 0009509
2018-08-23 09:44 g0tmi1k Resolution no change required => open
2018-08-23 09:44 g0tmi1k Category Kali Package Bug => Tool Upgrade
2018-08-23 12:01 g0tmi1k Summary snmpcheck (not snmp-check) isn't working with snmpwalk => [Debian Package] Update snmpcheck (not snmp-check) [isn't working with snmpwalk]
2021-05-31 13:37 rhertzog Category Tool Upgrade => Tool Upgrade Request
2021-06-23 20:42 steev Assigned To => steev
2021-06-23 20:42 steev Status new => resolved
2021-06-23 20:42 steev Resolution open => fixed
2021-06-23 20:42 steev Note Added: 0014798