CVE-2008-4309 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4309): The getbulk code in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via vectors related to the number of responses or repeats.
Netmon, here is the patch: http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/tags/Ext-5-2-5-1/net-snmp/agent/snmp_agent.c?r1=17271&r2=17272&pathrev=17272
netmon, are you still alive? ;P I'm just curious if someone works on this, our timeline for B4 is 20 days.
POC: http://www.milw0rm.com/exploits/7100
(In reply to comment #2) > netmon, are you still alive? ;P > I'm just curious if someone works on this, our timeline for B4 is 20 days. > if noone else bumps within the next days i'll take a look at it during the weekend.
Thanks Tobi! Re-rating B0, severity blocker: the CVE does not mention it, but securityfocus and the exploit say that remote code execution is possible - and snmpd runs as root!
# ChangeLog for net-analyzer/net-snmp # Copyright 2002-2008 Gentoo Foundation; Distributed under the GPL v2 # $Header: /var/cvsroot/gentoo-x86/net-analyzer/net-snmp/ChangeLog,v 1.181 2008/11/13 17:46:48 jer Exp $ *net-snmp-5.4.2.1 (13 Nov 2008) 13 Nov 2008; Jeroen Roovers <jer@gentoo.org> +net-snmp-5.4.2.1.ebuild: Version bump (bug #245306).
Arches, please test and mark stable: =net-analyzer/net-snmp-5.4.2.1 Target keywords: alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86 (Revmoing versions from summary which don't affect us)
Stable for HPPA.
ppc stable
amd64/x86 stable
ppc64 stable
alpha/arm/ia64/sparc stable
s390/sh stable
GLSA was NOT filed yet!
(In reply to comment #14) > GLSA was NOT filed yet! > fixed now.
(In reply to comment #5) > Thanks Tobi! > > Re-rating B0, severity blocker: the CVE does not mention it, but securityfocus > and the exploit say that remote code execution is possible - and snmpd runs as > root! > This exploit is for CVE-2008-2292... rerating B3.
*** Bug 237172 has been marked as a duplicate of this bug. ***
GLSA 200901-15
