openssl

Compiling Net-SNMP v5.6.1 on Ubuntu 22.04

Posted 2023-03-15 in Software

A colleague wanted to learn fuzzing and they picked SNMP as the protocol they wanted to target. The plan was to find the oldest version of Net-SNMP we can find to fuzz so they’re more likely to find a crash. We checked out a release from 2000, but couldn’t get the configure script to work, then jumped to Net-SNMP v5.6.1, which is still a very old version of Net-SNMP from 2011. It didn’t compile immediately but I felt that it could be coaxed into compiling.

I managed to get this version to compile, but it wasn’t straightforward. The first thing we need to do is compile a version of OpenSSL that is from around 2011 as the API has changed enough to break things, and it was necessary to disable some features in Net-SNMP we didn’t need. I should note that although I have got this to compile and I can run “snmpget -v”, I have not tested this build in any meaningful way so I may not work.

The first thing to do is set a variable to hold the path of where we will install everything, this is used as the –prefix argument passed to autoconf.

PREFIX_DIR=$HOME/snmp/_output

Let’s grab a copy of the OpenSSL source code and checkout a version from around 2011.

git clone https://github.com/openssl/openssl
git checkout OpenSSL_1_0_0c

Now we need to configure the build, this is pretty simple, we just set the prefix and use the “linux-generic64” profile.

./Configure --prefix=$PREFIX_DIR linux-generic64

Next we compile using make. I deliberately did not use a parallel build here, I found even setting “-j2” breaks one of the linking steps.

make
make install_sw

Net-SNMP

We can now build Net-SNMP, first step is to grab a copy of the source code. We get it from Github, just as we did with OpenSSL.

git clone https://github.com/net-snmp/net-snmp
git checkout v5.6.1

This time we have a more complicated configure setup. The first thing to note is we use “–with-openssl” to point autoconf at the OpenSSL we just built. The next thing to note is we disable Perl and Python moudules, this is because they also will not work with the newest version so those packages.

./configure --with-openssl=$PREFIX_DIR \
	    --with-defaults \
	    --without-perl-modules \
	    --disable-embedded-perl \
	    --without-python-modules \
	    --disable-shared \
	    --enable-static \
	    --prefix=$PREFIX_DIR

Next we can compile using make, this time we can use parallel build. We set LDFLAGS here to force the linker to chose the OpenSSL we built, and not the system version.

make -j$(nproc) LDFLAGS="-L${PREFIX_DIR}/lib"
make install

All done! We have a built Net-SNMP.

build linux openssl

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.