Net-snmp GETBULK Request Processing Bug Lets Remote Users Deny Service

SecurityTracker Alert ID: 1021129
SecurityTracker URL: http://securitytracker.com/id?1021129
CVE Reference: CVE-2008-4309
Date: Nov 3 2008
Impact: Denial of service via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 5.2 prior to 5.2.5.1, 5.3 prior to 5.3.2.3, and 5.4 prior to 5.4.2.1

Description: A vulnerability was reported in Net-snmp. A remote user can cause denial of service conditions.
A remote user can send a specially crafted GETBULK request to cause the target service to crash.

Impact: A remote user can cause the target service to crash.

Solution: The vendor has issued a fix (5.2.5.1, 5.3.2.3, and 5.4.2.1).
The vendor's advisory is available at:
http://sourceforge.net/forum/forum.php?forum_id=882903

Vendor URL: www.net-snmp.org/
Cause: Input validation error
Underlying OS: Linux (Any), UNIX (Any)

Message History:
This archive entry has one or more follow-up message(s) listed below.

Source Message Contents

Date: Mon, 3 Nov 2008 12:26:25 -0500
Subject: net-snmp

http://sourceforge.net/forum/forum.php?forum_id=882903
SECURITY ISSUE: A bug in the getbulk handling code could let anyone with even minimal
access crash the agent. If you have open access to your snmp agents (bad bad bad; stop
doing that!) or if you don't trust everyone that does have access to your agents you
should update immediately to prevent potential denial of service attacks.
CVE-2008-4309
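
A version triage against the fixed releases listed in this advisory, as an added example that is not part of the advisory or of the Net-snmp project. The host names and version strings in the sample inventory are constructed, and the check assumes upstream version numbering: a distribution package may carry a backported fix under an older version string, so confirm "affected" results against the package vendor's changelog.

```python
import re

# First fixed release per affected branch, taken from the advisory text.
FIXED = {(5, 2): (5, 2, 5, 1), (5, 3): (5, 3, 2, 3), (5, 4): (5, 4, 2, 1)}


def parse_version(text):
    """Return the first dotted numeric version found in text as a tuple of ints."""
    match = re.search(r"\d+(?:\.\d+)+", text)
    if not match:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(part) for part in match.group(0).split("."))


def pad(version, width=4):
    """Right-pad with zeros so 5.4.2 compares as 5.4.2.0."""
    return version + (0,) * (width - len(version))


def status(text):
    """Classify a version string as 'affected', 'fixed' or 'not-listed'."""
    version = parse_version(text)
    fixed = FIXED.get(version[:2])
    if fixed is None:
        # Branch not named in the advisory; it makes no statement about it.
        return "not-listed"
    return "fixed" if pad(version) >= pad(fixed) else "affected"


def triage(inventory):
    """Group hosts by status. inventory maps host -> reported version string."""
    groups = {"affected": [], "fixed": [], "not-listed": []}
    for host, reported in sorted(inventory.items()):
        groups[status(reported)].append(host)
    return groups


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE = {
    "core-sw1": "NET-SNMP version: 5.4.2",
    "edge-rtr2": "5.4.2.1",
    "mon-01": "net-snmp-5.3.2.2",
    "legacy-ups": "5.2.5.1",
    "lab-box": "5.1.4",
}

if __name__ == "__main__":
    for group, hosts in triage(SAMPLE).items():
        print(f"{group}: {', '.join(hosts) or '-'}")
```

Pre-release strings such as 5.4.2.pre1 parse as 5.4.2 and are therefore reported as affected.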