First Last Prev Next    No search results available      Search page      Enter new bug
Bug#: 245306
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Craig (Security Padawan) <craig@haquarter.de>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 245306 depends on: Show dependency tree
Bug 245306 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2008-11-02 19:17 0000 
CVE-2008-4309 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4309):
  The getbulk code in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3,
  and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of
  service (crash) via vectors related to the number of responses or
  repeats.

------- Comment #1 From Craig (Security Padawan) 2008-11-05 22:25:50 0000 ------- 
Netmon, here is the patch:

http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/tags/Ext-5-2-5-1/net-snmp/agent/snmp_agent.c?r1=17271&r2=17272&pathrev=17272

------- Comment #2 From Craig (Security Padawan) 2008-11-10 15:56:00 0000 ------- 
netmon, are you still alive? ;P
I'm just curious if someone works on this, our timeline for B4 is 20 days.

------- Comment #3 From Craig (Security Padawan) 2008-11-12 19:02:00 0000 ------- 
POC: http://www.milw0rm.com/exploits/7100

------- Comment #4 From Tobias Scherbaum 2008-11-12 20:47:59 0000 ------- 
(In reply to comment #2)
> netmon, are you still alive? ;P
> I'm just curious if someone works on this, our timeline for B4 is 20 days.
> 

if noone else bumps within the next days i'll take a look at it during the
weekend.

------- Comment #5 From Craig (Security Padawan) 2008-11-12 21:45:16 0000 ------- 
Thanks Tobi!

Re-rating B0, severity blocker: the CVE does not mention it, but securityfocus
and the exploit say that remote code execution is possible - and snmpd runs as
root!

------- Comment #6 From Jeroen Roovers 2008-11-13 17:47:23 0000 ------- 
# ChangeLog for net-analyzer/net-snmp
# Copyright 2002-2008 Gentoo Foundation; Distributed under the GPL v2
# $Header: /var/cvsroot/gentoo-x86/net-analyzer/net-snmp/ChangeLog,v 1.181
2008/11/13 17:46:48 jer Exp $

*net-snmp-5.4.2.1 (13 Nov 2008)

  13 Nov 2008; Jeroen Roovers <jer@gentoo.org> +net-snmp-5.4.2.1.ebuild:
  Version bump (bug #245306).

------- Comment #7 From Christian Hoffmann 2008-11-13 17:52:37 0000 ------- 
Arches, please test and mark stable:
  =net-analyzer/net-snmp-5.4.2.1

Target keywords: alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86


(Revmoing versions from summary which don't affect us)

------- Comment #8 From Jeroen Roovers 2008-11-13 18:05:40 0000 ------- 
Stable for HPPA.

------- Comment #9 From Tobias Scherbaum 2008-11-14 20:54:26 0000 ------- 
ppc stable

------- Comment #10 From Markus Meier 2008-11-15 10:27:02 0000 ------- 
amd64/x86 stable

------- Comment #11 From Markus Rothe 2008-11-15 12:52:31 0000 ------- 
ppc64 stable

------- Comment #12 From Raúl Porcel 2008-11-15 17:36:19 0000 ------- 
alpha/arm/ia64/sparc stable

------- Comment #13 From Raúl Porcel 2009-01-01 17:37:44 0000 ------- 
s390/sh stable

------- Comment #14 From Craig (Security Padawan) 2009-01-10 04:14:45 0000 ------- 
GLSA was NOT filed yet!

------- Comment #15 From Pierre-Yves Rofes 2009-01-11 17:57:55 0000 ------- 
(In reply to comment #14)
> GLSA was NOT filed yet!
> 

fixed now.

------- Comment #16 From Pierre-Yves Rofes 2009-01-12 22:12:19 0000 ------- 
(In reply to comment #5)
> Thanks Tobi!
> 
> Re-rating B0, severity blocker: the CVE does not mention it, but securityfocus
> and the exploit say that remote code execution is possible - and snmpd runs as
> root!
> 
This exploit is for CVE-2008-2292... rerating B3.

------- Comment #17 From Jeroen Roovers 2009-01-15 05:07:00 0000 ------- 
*** Bug 237172 has been marked as a duplicate of this bug. ***

------- Comment #18 From Pierre-Yves Rofes 2009-01-21 22:36:13 0000 ------- 
GLSA 200901-15
First Last Prev Next    No search results available      Search page      Enter new bug