CVE-2007-5846 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5846): The SNMP agent in net-snmp 5.4.1 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a GETBULK request with a large max-repeaters value.
Netmon, please advise.
I don't think the CVE entry is correct. 5.4.1 had the patch in question applied already. (Man snmpd.conf; you see the maxGetbulkRepeats and maxGetbulkResponses tunables, which are part of the patch referenced), also ds_agent.h file, etc). I'm sure 5.3.1 is vulnerable. It was released long before the patch was committed. I think we should stable 5.4.1-r1 and clean up the other releases. I don't think we need to carry that many versions of net-snmp in the tree. Any objections?
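An audit of the two tunables named in the comment above, as an added example that is not part of the original thread or of net-snmp. It assumes the snmpd.conf(5) semantics in which -1 means unlimited and 0 selects the built-in default; the policy caps, the function name and the sample configuration are constructed for illustration.

```python
# Hypothetical site policy ceilings for this example; adjust to local needs.
POLICY_CAPS = {"maxgetbulkrepeats": 100, "maxgetbulkresponses": 100}

def audit_getbulk_limits(conf_text, caps=POLICY_CAPS):
    """Return {directive: (status, value)} for the GETBULK limit tunables."""
    seen = {}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        name = parts[0].lower()                  # assumption: tokens match case-insensitively
        if name in caps:
            seen[name] = parts[1] if len(parts) > 1 else ""  # assumption: last line wins
    findings = {}
    for name, cap in caps.items():
        if name not in seen:
            findings[name] = ("unset", None)     # agent falls back to its compiled default
            continue
        try:
            value = int(seen[name])
        except ValueError:
            findings[name] = ("invalid", None)
            continue
        if value == -1:
            findings[name] = ("unlimited", value)   # no ceiling on GETBULK work per request
        elif value == 0:
            findings[name] = ("default", value)
        elif value < -1:
            findings[name] = ("invalid", value)
        elif value > cap:
            findings[name] = ("above-cap", value)
        else:
            findings[name] = ("ok", value)
    return findings

# Constructed sample configuration, not taken from any real host.
SAMPLE_CONF = """\
# constructed sample snmpd.conf
rocommunity public 127.0.0.1
maxGetbulkRepeats -1      # explicitly unlimited
"""

if __name__ == "__main__":
    for directive, (status, value) in audit_getbulk_limits(SAMPLE_CONF).items():
        print(f"{directive}: {status} ({value})")
```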
(In reply to comment #2)
> I don't think the CVE entry is correct. 5.4.1 had the patch in question
> applied already. (Man snmpd.conf; you see the maxGetbulkRepeats and
> maxGetbulkResponses tunables, which are part of the patch referenced), also
> ds_agent.h file, etc).

5.4 is stable right now, is it affected?
> 5.4 is stable right now, is it affected?

Yes, it is. The maxreps patch does apply cleanly on that version, though. I could do a 5.4-r1 with the patch. 5.4.1 is a bit more complex to stable as it introduced python bindings, which require a dep on MIPS to be stabled first (requested, but not yet done).
Martin, it's up to you what fixed version to stable, just so we get one to stable :)
Er, so the target is net-analyzer/net-snmp-5.4.1-r1 now?
Sorry for the spam, arches. I forgot to remove you from CC when I discovered there was no clear stable candidate. UnCCing arches for now. Netmon, please advise.
> Netmon please advise.

I think we're better off stabling 5.4.1-r1, but we need to keyword/stable dev-python/setuptools on mips first (191550). Can someone from mips@ help with that? If that's not viable (i.e. there's some reason we can't keyword and stable setuptools on mips), I have committed a 5.4-r1 with the maxreps patch.

Thanks,
Marty
MIPS, please see the blocker of this bug first. Arches, please test and mark stable net-analyzer/net-snmp-5.4.1-r1. Target keywords : "alpha amd64 arm hppa ia64 mips ppc ppc64 s390 sh sparc x86"
ppc64 stable
x86 stable
alpha/ia64/sparc stable
Stable for HPPA.
ppc stable
amd64 done
Vote is open. Martin, do I see correctly that this vulnerability can be exploited by authenticated users / hosts in usual setups? Or is the SNMP agent designed to be connected publicly?
According to RedHat this is a DoS for unauthenticated users. Voting YES.
yes too, request filed.
Unstable on mips.
GLSA 200711-31