SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   VMware ESXi Vendors:   VMware
(VMware Issues Fix for ESX) Net-snmp GETBULK Request Processing Bug Lets Remote Users Deny Service
SecurityTracker Alert ID:  1023594
SecurityTracker URL:  http://securitytracker.com/id/1023594
CVE Reference:   CVE-2009-1887   (Links to External Site)
Updated:  Mar 9 2010
Original Entry Date:  Feb 16 2010
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 3.0.3, 3.5
Description:   A vulnerability was reported in Net-snmp. A remote user can cause denial of service conditions. VMware ESX is affected.

A remote user can send a specially crafted GETBULK request to trigger a divide-by-zero error and cause the target snmpd service to crash.

Red Hat Enterprise Linux version 3 is affected.

The upstream vendor's version is not affected.

The vulnerable code was introduced as part of the fix for CVE-2008-4309 (Alert ID 1021129). However, the upstream version has additional code that prevents the flaw from occurring that the Red Hat Enterprise Linux 3 version did not have.

Impact:   A remote user can cause the target snmpd daemon to crash.
Solution:   VMware has issued a fix for ESX:

ESX 3.5
-------
ESX350-201002401-SG
http://download3.vmware.com/software/vi/ESX350-201002401-SG.zip
md5sum: a91428cb6bc2da794f581aefd5eef010
http://kb.vmware.com/kb/1017660

ESX 3.0.3
---------
ESX303-201002202-SG
http://download3.vmware.com/software/vi/ESX303-201002202-UG.zip
md5sum: b111601ecb6978fbac40df2700d08fe2
http://kb.vmware.com/kb/1018027

The VMware advisory is available at:

http://www.vmware.com/security/advisories/VMSA-2010-0003.html

Cause:   State error

Message History:   This archive entry is a follow-up to the message listed below.
Jun 25 2009 Net-snmp GETBULK Request Processing Bug Lets Remote Users Deny Service



 Source Message Contents

Subject:  VMSA-2010-0003 ESX Service Console update for net-snmp

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID:       VMSA-2010-0003
Synopsis:          ESX Service Console update for net-snmp
Issue date:        2010-02-16
Updated on:        2010-02-16 (initial release of advisory)
CVE numbers:       CVE-2009-1887
- -------------------------------------------------------------------------

1. Summary

   Update for Service Console package net-snmp

2. Relevant releases

   VMware ESX 3.5 without patch ESX350-201002401-SG

3. Problem Description

 a. Service Console package net-snmp updated

    This patch updates the service console package for net-snmp,
    net-snmp-utils, and net-snmp-libs to version
    net-snmp-5.0.9-2.30E.28. This net-snmp update fixes a divide-by-
    zero flaw in the snmpd daemon. A remote attacker could issue a
    specially crafted GETBULK request that could cause the snmpd daemon
    to fail.

    This vulnerability was introduced by an incorrect fix for
    CVE-2008-4309.

    The Common Vulnerabilities and Exposures Project (cve.mitre.org) has
    assigned the name CVE-2009-1887 to this issue.

    Note: After installing the previous patch for net-snmp
    (ESX350-200901409-SG), running the snmpbulkwalk command with the
    parameter -CnX results in no output, and the snmpd daemon stops.

    The following table lists what action remediates the vulnerability
    (column 4) if a solution is available.

    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  =================
    VirtualCenter  any       Windows  not affected

    hosted *       any       any      not affected

    ESXi           any       ESXi     not affected

    ESX            4.0       ESX      not affected
    ESX            3.5       ESX      ESX350-201002401-SG
    ESX            3.0.3     ESX      affected, patch pending
    ESX            2.5.5     ESX      not affected

  * hosted products are VMware Workstation, Player, ACE, Server, Fusion.

4. Solution

   Please review the patch/release notes for your product and version
   and verify the md5sum of your downloaded file.

   ESX 3.5
   -------
   ESX350-201002401-SG
   http://download3.vmware.com/software/vi/ESX350-201002401-SG.zip
   md5sum: a91428cb6bc2da794f581aefd5eef010
   http://kb.vmware.com/kb/1017660

5. References

   CVE numbers
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1887

- -------------------------------------------------------------------------
6. Change log

2010-02-16  VMSA-2010-0003
Initial security advisory after release of patches for ESX 3.5
on 2010-02-16.

- ------------------------------------------------------------------------
7. Contact

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

  * security-announce at lists.vmware.com
  * bugtraq at securityfocus.com
  * full-disclosure at lists.grok.org.uk

E-mail:  security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055

VMware Security Center
http://www.vmware.com/security

VMware security response policy
http://www.vmware.com/support/policies/security_response.html

General support life cycle policy
http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html

Copyright 2010 VMware Inc.  All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkt66IQACgkQS2KysvBH1xmhuACbBL6u9x1WUt/wG2F45y2jjkHs
WIIAn0tgLrLQGODyeK5pI8cPBIqsslNL
=Fk9e
-----END PGP SIGNATURE-----

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC