Vulnerabilities > CVE-2007-5846 - Resource Management Errors vulnerability in Net-Snmp

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

The SNMP agent (snmp_agent.c) in net-snmp before 5.4.1 allows remote attackers to cause a denial of service (CPU and memory consumption) via a GETBULK request with a large max-repeaters value.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2007-225.NASL
    descriptionThe SNMP agent in net-snmp 5.4.1 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a GETBULK request with a large max-repeaters value. Updated packages fix this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id28275
    published2007-11-20
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/28275
    titleMandrake Linux Security Advisory : net-snmp (MDKSA-2007:225)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandrake Linux Security Advisory MDKSA-2007:225. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(28275);
      script_version ("1.14");
      script_cvs_date("Date: 2019/08/02 13:32:49");
    
      script_cve_id("CVE-2007-5846");
      script_xref(name:"MDKSA", value:"2007:225");
    
      script_name(english:"Mandrake Linux Security Advisory : net-snmp (MDKSA-2007:225)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandrake Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The SNMP agent in net-snmp 5.4.1 and earlier allows remote attackers
    to cause a denial of service (CPU and memory consumption) via a
    GETBULK request with a large max-repeaters value.
    
    Updated packages fix this issue."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_cwe_id(399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64net-snmp10");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64net-snmp10-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64net-snmp10-static-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libnet-snmp10");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libnet-snmp10-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libnet-snmp10-static-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:net-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:net-snmp-mibs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:net-snmp-trapd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:net-snmp-utils");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:perl-NetSNMP");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/11/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/20");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64net-snmp10-5.3.1-2.1mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64net-snmp10-devel-5.3.1-2.1mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64net-snmp10-static-devel-5.3.1-2.1mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libnet-snmp10-5.3.1-2.1mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libnet-snmp10-devel-5.3.1-2.1mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libnet-snmp10-static-devel-5.3.1-2.1mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"net-snmp-5.3.1-2.1mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"net-snmp-mibs-5.3.1-2.1mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"net-snmp-trapd-5.3.1-2.1mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"net-snmp-utils-5.3.1-2.1mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"perl-NetSNMP-5.3.1-2.1mdv2007.0", yank:"mdv")) flag++;
    
    if (rpm_check(release:"MDK2007.1", cpu:"x86_64", reference:"lib64net-snmp10-5.3.1-3.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"x86_64", reference:"lib64net-snmp10-devel-5.3.1-3.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"x86_64", reference:"lib64net-snmp10-static-devel-5.3.1-3.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"libnet-snmp10-5.3.1-3.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"libnet-snmp10-devel-5.3.1-3.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"libnet-snmp10-static-devel-5.3.1-3.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"net-snmp-5.3.1-3.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"net-snmp-mibs-5.3.1-3.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"net-snmp-trapd-5.3.1-3.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"net-snmp-utils-5.3.1-3.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"perl-NetSNMP-5.3.1-3.1mdv2007.1", yank:"mdv")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE9_11999.NASL
    descriptionThis update of net-snmp fixes the following bugs : - default and configurable maximum number of varbinds returnable to a GETBULK request. (CVE-2007-5846) - added option to ignore accepted connections
    last seen2020-06-01
    modified2020-06-02
    plugin id58226
    published2012-04-23
    reporterThis script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58226
    titleSuSE9 Security Update : net-snmp (YOU Patch Number 11999)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(58226);
      script_version("1.3");
      script_cvs_date("Date: 2019/10/25 13:36:29");
    
      script_cve_id("CVE-2007-5846");
    
      script_name(english:"SuSE9 Security Update : net-snmp (YOU Patch Number 11999)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 9 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update of net-snmp fixes the following bugs :
    
      - default and configurable maximum number of varbinds
        returnable to a GETBULK request. (CVE-2007-5846)
    
      - added option to ignore accepted connections"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-5846.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply YOU patch number 11999.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_cwe_id(399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/11/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/04/23");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 9 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SUSE9", cpu:"x86_64", reference:"net-snmp-5.1.3.1-0.17.2")) flag++;
    if (rpm_check(release:"SUSE9", cpu:"x86_64", reference:"net-snmp-32bit-9-200711271522")) flag++;
    if (rpm_check(release:"SUSE9", cpu:"x86_64", reference:"net-snmp-devel-5.1.3.1-0.17.2")) flag++;
    if (rpm_check(release:"SUSE9", cpu:"x86_64", reference:"perl-SNMP-5.1.3.1-0.17.2")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20071115_NET_SNMP_ON_SL5_X.NASL
    descriptionA flaw was discovered in the way net-snmp handled certain requests. A remote attacker who can connect to the snmpd UDP port (161 by default) could send a malicious packet causing snmpd to crash, resulting in a denial of service. (CVE-2007-5846)
    last seen2020-06-01
    modified2020-06-02
    plugin id60304
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60304
    titleScientific Linux Security Update : net-snmp on SL5.x, SL4.x, SL3.x i386/x86_64
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(60304);
      script_version("1.4");
      script_cvs_date("Date: 2019/10/25 13:36:17");
    
      script_cve_id("CVE-2007-5846");
    
      script_name(english:"Scientific Linux Security Update : net-snmp on SL5.x, SL4.x, SL3.x i386/x86_64");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A flaw was discovered in the way net-snmp handled certain requests. A
    remote attacker who can connect to the snmpd UDP port (161 by default)
    could send a malicious packet causing snmpd to crash, resulting in a
    denial of service. (CVE-2007-5846)"
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0711&L=scientific-linux-errata&T=0&P=2993
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?de4ba73a"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_cwe_id(399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/11/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL3", reference:"net-snmp-5.0.9-2.30E.23")) flag++;
    if (rpm_check(release:"SL3", reference:"net-snmp-devel-5.0.9-2.30E.23")) flag++;
    if (rpm_check(release:"SL3", reference:"net-snmp-libs-5.0.9-2.30E.23")) flag++;
    if (rpm_check(release:"SL3", reference:"net-snmp-perl-5.0.9-2.30E.23")) flag++;
    if (rpm_check(release:"SL3", reference:"net-snmp-utils-5.0.9-2.30E.23")) flag++;
    
    if (rpm_check(release:"SL4", reference:"net-snmp-5.1.2-11.11.1")) flag++;
    if (rpm_check(release:"SL4", reference:"net-snmp-devel-5.1.2-11.11.1")) flag++;
    if (rpm_check(release:"SL4", reference:"net-snmp-libs-5.1.2-11.11.1")) flag++;
    if (rpm_check(release:"SL4", reference:"net-snmp-perl-5.1.2-11.11.1")) flag++;
    if (rpm_check(release:"SL4", reference:"net-snmp-utils-5.1.2-11.11.1")) flag++;
    
    if (rpm_check(release:"SL5", reference:"net-snmp-5.3.1-19.el5.1")) flag++;
    if (rpm_check(release:"SL5", reference:"net-snmp-devel-5.3.1-19.el5.1")) flag++;
    if (rpm_check(release:"SL5", reference:"net-snmp-libs-5.3.1-19.el5.1")) flag++;
    if (rpm_check(release:"SL5", reference:"net-snmp-perl-5.3.1-19.el5.1")) flag++;
    if (rpm_check(release:"SL5", reference:"net-snmp-utils-5.3.1-19.el5.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyMisc.
    NASL idPULSE_CONNECT_SECURE-SA-43730.NASL
    descriptionAccording to its self-reported version, the version of Pulse Connect Secure running on the remote host is affected by multiple vulnerabilities. Refer to the vendor advisory for additional information.
    last seen2020-06-01
    modified2020-06-02
    plugin id109919
    published2018-05-18
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109919
    titlePulse Connect Secure Multiple Vulnerabilities (SA43730)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2007-1045.NASL
    descriptionFrom Red Hat Security Advisory 2007:1045 : Updated net-snmp packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. Simple Network Management Protocol (SNMP) is a protocol used for network management. A flaw was discovered in the way net-snmp handled certain requests. A remote attacker who can connect to the snmpd UDP port (161 by default) could send a malicious packet causing snmpd to crash, resulting in a denial of service. (CVE-2007-5846) All users of net-snmp are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id67608
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67608
    titleOracle Linux 3 / 4 : net-snmp (ELSA-2007-1045)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_NET-SNMP-4759.NASL
    descriptionThis update of net-snmp fixes the following bug : - default and configurable maximum number of varbinds returnable to a GETBULK request (CVE-2007-5846) - crash when smux peers were configured with empty passwords
    last seen2020-06-01
    modified2020-06-02
    plugin id29883
    published2008-01-08
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/29883
    titleopenSUSE 10 Security Update : net-snmp (net-snmp-4759)
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2008-0007.NASL
    descriptiona. Updated pcre Service Console package addresses several security issues The pcre package contains the Perl-Compatible Regular Expression library. pcre is used by various Service Console utilities. Several security issues were discovered in the way PCRE handles regular expressions. If an application linked against PCRE parsed a malicious regular expression, it may have been possible to run arbitrary code as the user running the application. VMware would like to thank Ludwig Nussel for reporting these issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2006-7228 and CVE-2007-1660 to these issues. b. Updated net-snmp Service Console package addresses denial of service net-snmp is an implementation of the Simple Network Management Protocol (SNMP). SNMP is used by network management systems to monitor hosts. By default ESX has this service enabled and its ports open on the ESX firewall. A flaw was discovered in the way net-snmp handled certain requests. A remote attacker who can connect to the snmpd UDP port could send a malicious packet causing snmpd to crash, resulting in a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-5846 to this issue. c. Updated OpenPegasus Service Console package fixes overflow condition OpenPegasus is a CIM (Common Information Model) and Web-Based Enterprise Management (WBEM) broker. These protocols are used by network management systems to monitor and control hosts. By default ESX has this service enabled and its ports open on the ESX firewall. A flaw was discovered in the OpenPegasus CIM management server that might allow remote attackers to execute arbitrary code. OpenPegasus when compiled to use PAM and without PEGASUS_USE_PAM_STANDALONE_PROC defined, has a stack-based buffer overflow condition. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-0003 to this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id40377
    published2009-07-27
    reporterThis script is Copyright (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40377
    titleVMSA-2008-0007 : Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1483.NASL
    descriptionThe SNMP agent (snmp_agent.c) in net-snmp before 5.4.1 allows remote attackers to cause a denial of service (CPU and memory consumption) via a GETBULK request with a large max-repeaters value.
    last seen2020-06-01
    modified2020-06-02
    plugin id30223
    published2008-02-11
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/30223
    titleDebian DSA-1483-1 : net-snmp - design error
  • NASL familyMisc.
    NASL idPULSE_POLICY_SECURE-SA-43730.NASL
    descriptionAccording to its self-reported version, the version of Pulse Policy Secure running on the remote host is affected by multiple vulnerabilities. Refer to the vendor advisory for additional information.
    last seen2020-06-01
    modified2020-06-02
    plugin id109920
    published2018-05-18
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109920
    titlePulse Policy Secure Multiple Vulnerabilities (SA43730)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_92F86B93923F11DCA2BF02E081235DAB.NASL
    descriptionCVE reports : The SNMP agent (snmp_agent.c) in net-snmp before 5.4.1 allows remote attackers to cause a denial of service (CPU and memory consumption) via a GETBULK request with a large max-repeaters value.
    last seen2020-06-01
    modified2020-06-02
    plugin id28194
    published2007-11-14
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/28194
    titleFreeBSD : net-snmp -- denial of service via GETBULK request (92f86b93-923f-11dc-a2bf-02e081235dab)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2007-1045.NASL
    descriptionUpdated net-snmp packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. Simple Network Management Protocol (SNMP) is a protocol used for network management. A flaw was discovered in the way net-snmp handled certain requests. A remote attacker who can connect to the snmpd UDP port (161 by default) could send a malicious packet causing snmpd to crash, resulting in a denial of service. (CVE-2007-5846) All users of net-snmp are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id28248
    published2007-11-16
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/28248
    titleRHEL 3 / 4 / 5 : net-snmp (RHSA-2007:1045)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2007-1045.NASL
    descriptionUpdated net-snmp packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. Simple Network Management Protocol (SNMP) is a protocol used for network management. A flaw was discovered in the way net-snmp handled certain requests. A remote attacker who can connect to the snmpd UDP port (161 by default) could send a malicious packet causing snmpd to crash, resulting in a denial of service. (CVE-2007-5846) All users of net-snmp are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id36614
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/36614
    titleCentOS 3 / 4 : net-snmp (CESA-2007:1045)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-5224.NASL
    description - Tue Jun 10 2008 Jan Safranek <jsafranek at redhat.com> 5.4-18 - fix various flaws (CVE-2008-2292 CVE-2008-0960) - Thu Feb 14 2008 Jan Safranek <jsafranek at redhat.com> 5.4-17 - fixing ipNetToMediaNetAddress to show IP address (#432780) - Fri Oct 19 2007 Jan Safranek <jsafranek at redhat.com> 5.4-16 - License: field fixed to
    last seen2020-06-01
    modified2020-06-02
    plugin id33148
    published2008-06-12
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/33148
    titleFedora 7 : net-snmp-5.4-18.fc7 (2008-5224)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-564-1.NASL
    descriptionBill Trost discovered that snmpd did not properly limit GETBULK requests. A remote attacker could specify a large number of max-repetitions and cause a denial of service via resource exhaustion. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id29920
    published2008-01-10
    reporterUbuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/29920
    titleUbuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : net-snmp vulnerability (USN-564-1)
  • NASL familySNMP
    NASL idSNMP_GETBULK_MAX_REPETITIONS_DOS.NASL
    descriptionIt is possible to disable the remote SNMP daemon by sending a GETBULK request with a large value for
    last seen2020-06-01
    modified2020-06-02
    plugin id27841
    published2007-11-09
    reporterThis script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27841
    titleSNMP GETBULK Large max-repetitions Remote DoS
  • NASL familySuSE Local Security Checks
    NASL idSUSE_NET-SNMP-4753.NASL
    descriptionThis update of net-snmp fixes the following bugs : - default and configurable maximum number of varbinds returnable to a GETBULK request (CVE-2007-5846) - crash when smux peers were configured with empty passwords - the UCD-SNMP-MIB::memCached.0 SNMP object was missing - the snmptrap command from the net-snmp package sends traps per default on the wrong port.
    last seen2020-06-01
    modified2020-06-02
    plugin id29882
    published2008-01-08
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/29882
    titleopenSUSE 10 Security Update : net-snmp (net-snmp-4753)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-3019.NASL
    description - Fri Oct 19 2007 Jan Safranek <jsafranek at redhat.com> 5.4-16 - License: field fixed to
    last seen2020-06-01
    modified2020-06-02
    plugin id28303
    published2007-11-26
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/28303
    titleFedora 7 : net-snmp-5.4-16.fc7 (2007-3019)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_NET-SNMP-4755.NASL
    descriptionThis update of net-snmp fixes the following bug : - default and configurable maximum number of varbinds returnable to a GETBULK request. (CVE-2007-5846) - crash when smux peers were configured with empty passwords
    last seen2020-06-01
    modified2020-06-02
    plugin id29528
    published2007-12-13
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/29528
    titleSuSE 10 Security Update : net-snmp (ZYPP Patch Number 4755)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200711-31.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200711-31 (Net-SNMP: Denial of Service) The SNMP agent (snmpd) does not properly handle GETBULK requests with an overly large
    last seen2020-06-01
    modified2020-06-02
    plugin id28320
    published2007-11-26
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/28320
    titleGLSA-200711-31 : Net-SNMP: Denial of Service
  • NASL familySuSE Local Security Checks
    NASL idSUSE9_12022.NASL
    descriptionThis update of net-snmp fixes the following bugs : - Default and configurable maximum number of varbinds returnable to a GETBULK request. (CVE-2007-5846) - Add option to ignore accepted connections.
    last seen2020-06-01
    modified2020-06-02
    plugin id41178
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41178
    titleSuSE9 Security Update : net-snmp (YOU Patch Number 12022)

Oval

accepted2013-04-29T04:12:44.214-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
    ovaloval:org.mitre.oval:def:11414
  • commentThe operating system installed on the system is CentOS Linux 5.x
    ovaloval:org.mitre.oval:def:15802
  • commentOracle Linux 5.x
    ovaloval:org.mitre.oval:def:15459
descriptionThe SNMP agent (snmp_agent.c) in net-snmp before 5.4.1 allows remote attackers to cause a denial of service (CPU and memory consumption) via a GETBULK request with a large max-repeaters value.
familyunix
idoval:org.mitre.oval:def:11258
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleThe SNMP agent (snmp_agent.c) in net-snmp before 5.4.1 allows remote attackers to cause a denial of service (CPU and memory consumption) via a GETBULK request with a large max-repeaters value.
version27

Redhat

advisories
bugzilla
id363631
titleCVE-2007-5846 net-snmp remote DoS via udp packet
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 4 is installed
      ovaloval:com.redhat.rhba:tst:20070304025
    • OR
      • AND
        • commentnet-snmp-utils is earlier than 0:5.1.2-11.el4_6.11.1
          ovaloval:com.redhat.rhsa:tst:20071045001
        • commentnet-snmp-utils is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20071045002
      • AND
        • commentnet-snmp-devel is earlier than 0:5.1.2-11.el4_6.11.1
          ovaloval:com.redhat.rhsa:tst:20071045003
        • commentnet-snmp-devel is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20071045004
      • AND
        • commentnet-snmp-perl is earlier than 0:5.1.2-11.el4_6.11.1
          ovaloval:com.redhat.rhsa:tst:20071045005
        • commentnet-snmp-perl is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20071045006
      • AND
        • commentnet-snmp is earlier than 0:5.1.2-11.el4_6.11.1
          ovaloval:com.redhat.rhsa:tst:20071045007
        • commentnet-snmp is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20071045008
      • AND
        • commentnet-snmp-libs is earlier than 0:5.1.2-11.el4_6.11.1
          ovaloval:com.redhat.rhsa:tst:20071045009
        • commentnet-snmp-libs is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20071045010
  • AND
    • commentRed Hat Enterprise Linux 5 is installed
      ovaloval:com.redhat.rhba:tst:20070331005
    • OR
      • AND
        • commentnet-snmp-devel is earlier than 1:5.3.1-19.el5_1.1
          ovaloval:com.redhat.rhsa:tst:20071045012
        • commentnet-snmp-devel is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20071045013
      • AND
        • commentnet-snmp-libs is earlier than 1:5.3.1-19.el5_1.1
          ovaloval:com.redhat.rhsa:tst:20071045014
        • commentnet-snmp-libs is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20071045015
      • AND
        • commentnet-snmp is earlier than 1:5.3.1-19.el5_1.1
          ovaloval:com.redhat.rhsa:tst:20071045016
        • commentnet-snmp is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20071045017
      • AND
        • commentnet-snmp-perl is earlier than 1:5.3.1-19.el5_1.1
          ovaloval:com.redhat.rhsa:tst:20071045018
        • commentnet-snmp-perl is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20071045019
      • AND
        • commentnet-snmp-utils is earlier than 1:5.3.1-19.el5_1.1
          ovaloval:com.redhat.rhsa:tst:20071045020
        • commentnet-snmp-utils is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20071045021
rhsa
idRHSA-2007:1045
released2007-11-15
severityModerate
titleRHSA-2007:1045: net-snmp security update (Moderate)
rpms
  • net-snmp-0:5.0.9-2.30E.23
  • net-snmp-0:5.1.2-11.el4_6.11.1
  • net-snmp-1:5.3.1-19.el5_1.1
  • net-snmp-debuginfo-0:5.0.9-2.30E.23
  • net-snmp-debuginfo-0:5.1.2-11.el4_6.11.1
  • net-snmp-debuginfo-1:5.3.1-19.el5_1.1
  • net-snmp-devel-0:5.0.9-2.30E.23
  • net-snmp-devel-0:5.1.2-11.el4_6.11.1
  • net-snmp-devel-1:5.3.1-19.el5_1.1
  • net-snmp-libs-0:5.0.9-2.30E.23
  • net-snmp-libs-0:5.1.2-11.el4_6.11.1
  • net-snmp-libs-1:5.3.1-19.el5_1.1
  • net-snmp-perl-0:5.0.9-2.30E.23
  • net-snmp-perl-0:5.1.2-11.el4_6.11.1
  • net-snmp-perl-1:5.3.1-19.el5_1.1
  • net-snmp-utils-0:5.0.9-2.30E.23
  • net-snmp-utils-0:5.1.2-11.el4_6.11.1
  • net-snmp-utils-1:5.3.1-19.el5_1.1

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 26378 CVE(CAN) ID: CVE-2007-5846 Net-SNMP是一个免费的、开放源码的SNMP实现,以前称为UCD-SNMP。 Net-SNMP在处理畸形的SNMP GETBULK请求时存在漏洞,远程攻击者可能利用此漏洞导致服务器不可用。 Net-SNMP没有正确地处理SNMP GETBULK请求,如果远程攻击者发送了包含有超长max-repetitions字段的畸形SNMP GETBULK请求的话,就可能导致耗尽大量CPU和内存资源。 0 Net-SNMP net-snmp &lt; 5.4.1 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: &lt;a href=&quot;http://sourceforge.net/projects/net-snmp/&quot; target=&quot;_blank&quot;&gt;http://sourceforge.net/projects/net-snmp/&lt;/a&gt;
idSSV:2401
last seen2017-11-19
modified2007-11-09
published2007-11-09
reporterRoot
titleNet-SNMP GETBULK远程拒绝服务漏洞

References