[Secure-testing-team] Bug#504150: snmpd: DoS in getbulk handling code in net-snmp
Steffen Joeris
steffen.joeris at skolelinux.de
Sat Nov 1 06:51:04 UTC 2008
Package: snmpd
Severity: grave
Tags: security, patch
Justification: user security hole
Hi
The following announcement has been released by net-snmp upstream:
SECURITY ISSUE: A bug in the getbulk handling code could let anyone
with even minimal access crash the agent. If you have open access
to your snmp agents (bad bad bad; stop doing that!) or if you don't
trust everyone that does have access to your agents you should
update immediately to prevent potential denial of service attacks.
You can find the upstream patch here[0], which applies fine to the sid
version.
Once we get a CVE id for this issue, I'll forward it to this bug report.
For lenny, I guess an upload to sid with high urgency should be sufficient.
I'll email you soon about the stable situation.
Cheers
Steffen
[0]: http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/tags/Ext-5-4-2-1/net-snmp/agent/snmp_agent.c?view=patch&r1=17272&r2=17271&pathrev=17272