[Pkg-net-snmp-devel] Bug#504150: snmpd: DoS in getbulk handling code in net-snmp

Steffen Joeris steffen.joeris at skolelinux.de
Sat Nov 1 06:51:04 UTC 2008


Package: snmpd
Severity: grave
Tags: security, patch
Justification: user security hole

Hi

The following announcement has been released by net-snmp upstream:

SECURITY ISSUE: A bug in the getbulk handling code could let anyone
with even minimal access crash the agent. If you have open access 
to your snmp agents (bad bad bad; stop doing that!) or if you don't 
trust everyone that does have access to your agents you should
update immediately to prevent potential denial of service attacks.


You can find the upstream patch here[0], which applies fine to the sid
version.

Once we get a CVE id for this issue, I'll forward it to this bug report.

For lenny, I guess an upload to sid with high urgency should be sufficient.
I'll email you soon about the stable situation.

Cheers
Steffen

[0]: http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/tags/Ext-5-4-2-1/net-snmp/agent/snmp_agent.c?view=patch&r1=17272&r2=17271&pathrev=17272




