Posted: Thu Jan 22, 2009 12:26 am Post subject: [ GLSA 200901-15 ] Net-SNMP: Denial of Service
Gentoo Linux Security Advisory
Title: Net-SNMP: Denial of Service (GLSA 200901-15)
Severity: normal
Exploitable: remote
Date: January 21, 2009
Bug(s): #245306
ID: 200901-15
Synopsis
A vulnerability in Net-SNMP could lead to a Denial of Service.
Background
Net-SNMP is a collection of tools for generating and retrieving SNMP
data.
Affected Packages
Package: net-analyzer/net-snmp
Vulnerable: < 5.4.2.1
Unaffected: >= 5.4.2.1
Architectures: All supported architectures
Description
Oscar Mira-Sanchez reported an integer overflow in the
netsnmp_create_subtree_cache() function in agent/snmp_agent.c when
processing GETBULK requests.
Impact
A remote attacker could send a specially crafted request to crash the
SNMP server. NOTE: The attacker needs to know the community string to
exploit this vulnerability.
Workaround
Restrict access to trusted entities only.
Resolution
All Net-SNMP users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/net-snmp-5.4.2.1"
References
CVE-2008-4309
Last edited by GLSA on Tue Feb 18, 2014 4:28 am; edited 2 times in total
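One way to check the workaround above, as an added example that is not part of the advisory: the script lists snmpd.conf community directives that accept requests from any source address. It assumes the standard rocommunity/rwcommunity/com2sec directive syntax; the function names audit_snmpd_conf and sample_conf and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag snmpd.conf community directives with no source restriction.

# audit_snmpd_conf [FILE]   (hypothetical helper; reads stdin when FILE is omitted)
# Prints "LINE_NO: directive" for each community directive open to any source.
# Returns 1 if at least one was found, 0 otherwise.
audit_snmpd_conf() {
    awk '
        function open_source(s) {
            return s == "default" || s == "0.0.0.0/0" || s == "::/0"
        }
        function report() { printf "%d: %s\n", NR, $0; found = 1 }

        # Strip comments, then skip lines that are empty.
        { sub(/#.*/, "") }
        NF == 0 { next }

        # rocommunity/rwcommunity COMMUNITY [SOURCE [OID]]
        $1 ~ /^r[ow]community6?$/ {
            if (NF < 3 || open_source($3)) report()
            next
        }
        # com2sec [-Cn CONTEXT] SECNAME SOURCE COMMUNITY
        $1 ~ /^com2sec6?$/ {
            src = ($2 == "-Cn") ? $5 : $3
            if (open_source(src)) report()
            next
        }
        END { exit found + 0 }
    ' "${1:--}"
}

# Constructed sample configuration (documentation address range, made-up strings).
sample_conf() {
    cat <<'EOF'
# constructed sample, not from a real host
rocommunity  examplestring
rocommunity  examplestring2 192.0.2.0/24
rwcommunity  examplestring3 default
com2sec      monitor 192.0.2.10 examplestring4
com2sec      anyone  default    examplestring5
EOF
}
```

Run it as audit_snmpd_conf /etc/snmp/snmpd.conf (path may differ on your system); each reported line should gain a trusted source address or network.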