Wes Hardaker reports through the sourceforge.net forum:
SECURITY ISSUE: A bug in the getbulk handling code could
let anyone with even minimal access crash the agent. If you
have open access to your snmp agents (bad bad bad; stop doing
that!) or if you don't trust everyone that does have access to
your agents you should update immediately to prevent
potential denial of service attacks.
The description at cve.mitre.org additionally clarifies:
Integer overflow in the netsnmp_create_subtree_cache
function in agent/snmp_agent.c in net-snmp 5.4 before
5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows
remote attackers to cause a denial of service (crash) via
a crafted SNMP GETBULK request, which triggers a heap-based
buffer overflow, related to the number of responses or
repeats.
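
The class of bug the CVE description names, a buffer size derived from request-controlled counts that wraps before allocation, shown beside a checked form. This is an added example, not net-snmp's code: the function names, the 32-bit arithmetic, the slot size and the MAX_BULK_SLOTS cap are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical per-request cap on response slots; not a net-snmp constant. */
#define MAX_BULK_SLOTS 4096u

/* Unchecked form: the product is computed in 32 bits and wraps modulo 2^32,
 * so the buffer can be far smaller than the number of slots written later. */
uint32_t unchecked_cache_bytes(uint32_t repeats, uint32_t repeaters,
                               uint32_t slot_size)
{
    return repeats * repeaters * slot_size;
}

/* Checked form: validate the counts before any multiplication can wrap.
 * Returns 0 and sets *bytes on success, -1 if the request must be refused. */
int checked_cache_bytes(uint32_t repeats, uint32_t repeaters,
                        size_t slot_size, size_t *bytes)
{
    if (slot_size == 0)
        return -1;
    if (repeats == 0 || repeaters == 0) {
        *bytes = 0;                      /* nothing to cache */
        return 0;
    }
    if (repeats > MAX_BULK_SLOTS / repeaters)
        return -1;                       /* too many slots, or would overflow */
    size_t slots = (size_t)repeats * repeaters;
    if (slots > SIZE_MAX / slot_size)
        return -1;
    *bytes = slots * slot_size;
    return 0;
}

int main(void)
{
    size_t bytes = 0;
    /* Constructed inputs: counts as they might arrive in a GETBULK request. */
    printf("unchecked 0x20000001 x 1 x 8 -> %u bytes\n",
           (unsigned)unchecked_cache_bytes(0x20000001u, 1, 8));
    printf("checked   0x20000001 x 1 x 8 -> %d\n",
           checked_cache_bytes(0x20000001u, 1, 8, &bytes));
    if (checked_cache_bytes(10, 3, 8, &bytes) == 0)
        printf("checked   10 x 3 x 8         -> %zu bytes\n", bytes);
    return 0;
}
```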