The SNMP agent in net-snmp 5.4.1 and earlier allows remote attackers to cause
a denial of service (CPU and memory consumption) via a GETBULK request with a
large max-repeaters value.
Netmon, please advise.
I don't think the CVE entry is correct. 5.4.1 had the patch in question applied already. (man snmpd.conf; you see the maxGetbulkRepeats and maxGetbulkResponses tunables, which are part of the patch referenced; also the ds_agent.h file, etc.)
I'm sure 5.3.1 is vulnerable. It was released long before the patch was committed.
I think we should stable 5.4.1-r1 and clean up the other releases. I don't think we need to carry that many versions of net-snmp in the tree.
(In reply to comment #2)
> I don't think the CVE entry is correct. 5.4.1 had the patch in question
> applied already. (man snmpd.conf; you see the maxGetbulkRepeats and
> maxGetbulkResponses tunables, which are part of the patch referenced; also
> the ds_agent.h file, etc.)
5.4 is stable right now, is it affected?
> 5.4 is stable right now, is it affected?
Yes, it is. The maxreps patch does apply cleanly on that version, though.
I could do a 5.4-r1 with the patch. 5.4.1 is a bit more complex to stable as it introduced python bindings, which require a dep on MIPS to be stabled first (requested, but not yet done).
Martin, it's up to you which fixed version to stable, just so we get one to stable :)
Er, so the target is net-analyzer/net-snmp-5.4.1-r1 now?
Sorry for the spam, arches. I forgot to remove you from CC when I discovered there was no clear stable candidate. UnCCing arches for now.
Netmon please advise.
> Netmon please advise.
I think we're better off stabling 5.4.1-r1, but we need to keyword/stable dev-python/setuptools on mips first (191550). Can someone from mips@ help with that?
If that's not viable (i.e. there's some reason we can't keyword and stable setuptools on mips), I have committed a 5.4-r1 with the maxreps patch.
MIPS, please see the blocker of this bug first.
Arches, please test and mark stable net-analyzer/net-snmp-5.4.1-r1.
Target keywords : "alpha amd64 arm hppa ia64 mips ppc ppc64 s390 sh sparc x86"
Stable for HPPA.
Vote is open.
Martin, do I see correctly that this vulnerability can be exploited by authenticated users / hosts in usual setups? Or is the SNMP agent designed to be connected publicly?
According to RedHat this is a DoS for unauthenticated users.
yes too, request filed.
Unstable on mips.