Steffen Joeris
2008-Nov-01 06:51 UTC
[Secure-testing-team] Bug#504150: snmpd: DoS in getbulk handling code in net-snmp
Package: snmpd
Severity: grave
Tags: security, patch
Justification: user security hole

Hi

The following announcement has been released by net-snmp upstream:

SECURITY ISSUE: A bug in the getbulk handling code could let anyone with even minimal access crash the agent. If you have open access to your snmp agents (bad bad bad; stop doing that!) or if you don't trust everyone that does have access to your agents you should update immediately to prevent potential denial of service attacks.

You can find the upstream patch here[0], which applies fine to the sid version. Once we get a CVE id for this issue, I'll forward it to this bugreport.

For lenny, I guess an upload to sid with high urgency should be sufficient. I'll email you soon about the stable situation.

Cheers
Steffen

[0]: http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/tags/Ext-5-4-2-1/net-snmp/agent/snmp_agent.c?view=patch&r1=17272&r2=17271&pathrev=17272