ports/128837: [vuxml] net-mgmt/net-snmp and net-mgmt/net-snmp53: CVE-2008-4309
Eygene Ryabinkin
rea-fbsd at codelabs.ru
Thu Nov 13 11:00:12 UTC 2008
>Number: 128837
>Category: ports
>Synopsis: [vuxml] net-mgmt/net-snmp and net-mgmt/net-snmp53: CVE-2008-4309
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Nov 13 11:00:11 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Eygene Ryabinkin
>Release: FreeBSD 7.1-PRERELEASE i386
>Organization:
Code Labs
>Environment:
System: FreeBSD 7.1-PRERELEASE i386
>Description:
Denial of Service for the certain versions of agents from net-snmp packages.
Citing by http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4309:
-----
Integer overflow in the netsnmp_create_subtree_cache function in
agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before
5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a
denial of service (crash) via a crafted SNMP GETBULK request, which
triggers a heap-based buffer overflow, related to the number of
responses or repeats.
-----
>How-To-Repeat:
Look at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4309
and references therein.
>Fix:
The following VuXML entry for this issue should be evaluated and added:
--- vuln.xml begins here ---
<vuln vid="">
<topic>net-snmp -- Denial of Service for SNMP agent via crafted GETBULK request</topic>
<affects>
<package>
<name>net-snmp</name>
<range><lt>5.4.2.1</lt></range>
</package>
<package>
<name>net-snmp53</name>
<range><lt>5.3.2.3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Wes Hardaker reports through sourceforge.net forum:</p>
<blockquote cite="http://sourceforge.net/forum/forum.php?forum_id=882903">
<p>SECURITY ISSUE: A bug in the getbulk handling code could
let anyone with even minimal access crash the agent. If you
have open access to your snmp agents (bad bad bad; stop doing
that!) or if you don't trust everyone that does have access to
your agents you should updated immediately to prevent
potential denial of service attacks.</p>
</blockquote>
<p>Description at cve.mitre.org additionally clarifies:</p>
<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4309">
<p>Integer overflow in the netsnmp_create_subtree_cache
function in agent/snmp_agent.c in net-snmp 5.4 before
5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows
remote attackers to cause a denial of service (crash) via
a crafted SNMP GETBULK request, which triggers a heap-based
buffer overflow, related to the number of responses or
repeats.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2008-4309</cvename>
<url>http://sourceforge.net/forum/forum.php?forum_id=882903</url>
<url>http://www.openwall.com/lists/oss-security/2008/10/31/1</url>
<url>http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/tags/Ext-5-2-5-1/net-snmp/agent/snmp_agent.c?r1=17271&r2=17272&pathrev=17272</url>
</references>
<dates>
<discovery>2008-10-31</discovery>
</dates>
</vuln>
--- vuln.xml ends here ---
Additionally, it will be very interesting if net-mgmt/net-snmp4 is
vulnerable. I assume that 5.x was grown from the UCD's implementation,
so it can share the common code. Currently I have no time to look at
this, but if I'll do it, will report as the followup.
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list