CVE-2007-5846 - Resource Management Errors vulnerability in Net-Snmp
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | NONE |
Availability impact | COMPLETE |
Summary
The SNMP agent (snmp_agent.c) in net-snmp before 5.4.1 allows remote attackers to cause a denial of service (CPU and memory consumption) via a GETBULK request with a large max-repeaters value.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family | Mandriva Local Security Checks |
NASL id | MANDRAKE_MDKSA-2007-225.NASL |
description | The SNMP agent in net-snmp 5.4.1 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a GETBULK request with a large max-repeaters value. Updated packages fix this issue. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 28275 |
published | 2007-11-20 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/28275 |
title | Mandrake Linux Security Advisory : net-snmp (MDKSA-2007:225) |
code |

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Mandrake Linux Security Advisory MDKSA-2007:225.
    # The text itself is copyright (C) Mandriva S.A.
    #

    include("compat.inc");

    if (description)
    {
      script_id(28275);
      script_version ("1.14");
      script_cvs_date("Date: 2019/08/02 13:32:49");

      script_cve_id("CVE-2007-5846");
      script_xref(name:"MDKSA", value:"2007:225");

      script_name(english:"Mandrake Linux Security Advisory : net-snmp (MDKSA-2007:225)");
      script_summary(english:"Checks rpm output for the updated packages");

      script_set_attribute(
        attribute:"synopsis",
        value: "The remote Mandrake Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value: "The SNMP agent in net-snmp 5.4.1 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a GETBULK request with a large max-repeaters value. Updated packages fix this issue."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_cwe_id(399);

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64net-snmp10");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64net-snmp10-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64net-snmp10-static-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libnet-snmp10");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libnet-snmp10-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libnet-snmp10-static-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:net-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:net-snmp-mibs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:net-snmp-trapd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:net-snmp-utils");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:perl-NetSNMP");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007.1");

      script_set_attribute(attribute:"patch_publication_date", value:"2007/11/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/20");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);

    flag = 0;
    if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64net-snmp10-5.3.1-2.1mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64net-snmp10-devel-5.3.1-2.1mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64net-snmp10-static-devel-5.3.1-2.1mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libnet-snmp10-5.3.1-2.1mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libnet-snmp10-devel-5.3.1-2.1mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libnet-snmp10-static-devel-5.3.1-2.1mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"net-snmp-5.3.1-2.1mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"net-snmp-mibs-5.3.1-2.1mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"net-snmp-trapd-5.3.1-2.1mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"net-snmp-utils-5.3.1-2.1mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"perl-NetSNMP-5.3.1-2.1mdv2007.0", yank:"mdv")) flag++;

    if (rpm_check(release:"MDK2007.1", cpu:"x86_64", reference:"lib64net-snmp10-5.3.1-3.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"x86_64", reference:"lib64net-snmp10-devel-5.3.1-3.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"x86_64", reference:"lib64net-snmp10-static-devel-5.3.1-3.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"libnet-snmp10-5.3.1-3.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"libnet-snmp10-devel-5.3.1-3.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"libnet-snmp10-static-devel-5.3.1-3.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"net-snmp-5.3.1-3.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"net-snmp-mibs-5.3.1-3.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"net-snmp-trapd-5.3.1-3.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"net-snmp-utils-5.3.1-3.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"perl-NetSNMP-5.3.1-3.1mdv2007.1", yank:"mdv")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");

NASL family | SuSE Local Security Checks |
NASL id | SUSE9_11999.NASL |
description | This update of net-snmp fixes the following bugs : - default and configurable maximum number of varbinds returnable to a GETBULK request. (CVE-2007-5846) - added option to ignore accepted connections |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 58226 |
published | 2012-04-23 |
reporter | This script is Copyright (C) 2012-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/58226 |
title | SuSE9 Security Update : net-snmp (YOU Patch Number 11999) |
code |

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(58226);
      script_version("1.3");
      script_cvs_date("Date: 2019/10/25 13:36:29");

      script_cve_id("CVE-2007-5846");

      script_name(english:"SuSE9 Security Update : net-snmp (YOU Patch Number 11999)");
      script_summary(english:"Checks rpm output for the updated packages");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote SuSE 9 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description",
        value: "This update of net-snmp fixes the following bugs : - default and configurable maximum number of varbinds returnable to a GETBULK request. (CVE-2007-5846) - added option to ignore accepted connections"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-5846.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply YOU patch number 11999.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_cwe_id(399);

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");

      script_set_attribute(attribute:"patch_publication_date", value:"2007/11/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/04/23");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

      exit(0);
    }

    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 9 on the '"+cpu+"' architecture have not been implemented.");

    flag = 0;
    if (rpm_check(release:"SUSE9", cpu:"x86_64", reference:"net-snmp-5.1.3.1-0.17.2")) flag++;
    if (rpm_check(release:"SUSE9", cpu:"x86_64", reference:"net-snmp-32bit-9-200711271522")) flag++;
    if (rpm_check(release:"SUSE9", cpu:"x86_64", reference:"net-snmp-devel-5.1.3.1-0.17.2")) flag++;
    if (rpm_check(release:"SUSE9", cpu:"x86_64", reference:"perl-SNMP-5.1.3.1-0.17.2")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");

NASL family | Scientific Linux Local Security Checks |
NASL id | SL_20071115_NET_SNMP_ON_SL5_X.NASL |
description | A flaw was discovered in the way net-snmp handled certain requests. A remote attacker who can connect to the snmpd UDP port (161 by default) could send a malicious packet causing snmpd to crash, resulting in a denial of service. (CVE-2007-5846) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 60304 |
published | 2012-08-01 |
reporter | This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/60304 |
title | Scientific Linux Security Update : net-snmp on SL5.x, SL4.x, SL3.x i386/x86_64 |
code |

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #

    include("compat.inc");

    if (description)
    {
      script_id(60304);
      script_version("1.4");
      script_cvs_date("Date: 2019/10/25 13:36:17");

      script_cve_id("CVE-2007-5846");

      script_name(english:"Scientific Linux Security Update : net-snmp on SL5.x, SL4.x, SL3.x i386/x86_64");
      script_summary(english:"Checks rpm output for the updated packages");

      script_set_attribute(
        attribute:"synopsis",
        value: "The remote Scientific Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value: "A flaw was discovered in the way net-snmp handled certain requests. A remote attacker who can connect to the snmpd UDP port (161 by default) could send a malicious packet causing snmpd to crash, resulting in a denial of service. (CVE-2007-5846)"
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0711&L=scientific-linux-errata&T=0&P=2993
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?de4ba73a"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_cwe_id(399);

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

      script_set_attribute(attribute:"patch_publication_date", value:"2007/11/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);

    flag = 0;
    if (rpm_check(release:"SL3", reference:"net-snmp-5.0.9-2.30E.23")) flag++;
    if (rpm_check(release:"SL3", reference:"net-snmp-devel-5.0.9-2.30E.23")) flag++;
    if (rpm_check(release:"SL3", reference:"net-snmp-libs-5.0.9-2.30E.23")) flag++;
    if (rpm_check(release:"SL3", reference:"net-snmp-perl-5.0.9-2.30E.23")) flag++;
    if (rpm_check(release:"SL3", reference:"net-snmp-utils-5.0.9-2.30E.23")) flag++;

    if (rpm_check(release:"SL4", reference:"net-snmp-5.1.2-11.11.1")) flag++;
    if (rpm_check(release:"SL4", reference:"net-snmp-devel-5.1.2-11.11.1")) flag++;
    if (rpm_check(release:"SL4", reference:"net-snmp-libs-5.1.2-11.11.1")) flag++;
    if (rpm_check(release:"SL4", reference:"net-snmp-perl-5.1.2-11.11.1")) flag++;
    if (rpm_check(release:"SL4", reference:"net-snmp-utils-5.1.2-11.11.1")) flag++;

    if (rpm_check(release:"SL5", reference:"net-snmp-5.3.1-19.el5.1")) flag++;
    if (rpm_check(release:"SL5", reference:"net-snmp-devel-5.3.1-19.el5.1")) flag++;
    if (rpm_check(release:"SL5", reference:"net-snmp-libs-5.3.1-19.el5.1")) flag++;
    if (rpm_check(release:"SL5", reference:"net-snmp-perl-5.3.1-19.el5.1")) flag++;
    if (rpm_check(release:"SL5", reference:"net-snmp-utils-5.3.1-19.el5.1")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");

NASL family | Misc. |
NASL id | PULSE_CONNECT_SECURE-SA-43730.NASL |
description | According to its self-reported version, the version of Pulse Connect Secure running on the remote host is affected by multiple vulnerabilities. Refer to the vendor advisory for additional information. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 109919 |
published | 2018-05-18 |
reporter | This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/109919 |
title | Pulse Connect Secure Multiple Vulnerabilities (SA43730) |

NASL family | Oracle Linux Local Security Checks |
NASL id | ORACLELINUX_ELSA-2007-1045.NASL |
description | From Red Hat Security Advisory 2007:1045 : Updated net-snmp packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. Simple Network Management Protocol (SNMP) is a protocol used for network management. A flaw was discovered in the way net-snmp handled certain requests. A remote attacker who can connect to the snmpd UDP port (161 by default) could send a malicious packet causing snmpd to crash, resulting in a denial of service. (CVE-2007-5846) All users of net-snmp are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 67608 |
published | 2013-07-12 |
reporter | This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/67608 |
title | Oracle Linux 3 / 4 : net-snmp (ELSA-2007-1045) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_NET-SNMP-4759.NASL |
description | This update of net-snmp fixes the following bug : - default and configurable maximum number of varbinds returnable to a GETBULK request (CVE-2007-5846) - crash when smux peers were configured with empty passwords |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 29883 |
published | 2008-01-08 |
reporter | This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/29883 |
title | openSUSE 10 Security Update : net-snmp (net-snmp-4759) |

NASL family | VMware ESX Local Security Checks |
NASL id | VMWARE_VMSA-2008-0007.NASL |
description | a. Updated pcre Service Console package addresses several security issues The pcre package contains the Perl-Compatible Regular Expression library. pcre is used by various Service Console utilities. Several security issues were discovered in the way PCRE handles regular expressions. If an application linked against PCRE parsed a malicious regular expression, it may have been possible to run arbitrary code as the user running the application. VMware would like to thank Ludwig Nussel for reporting these issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2006-7228 and CVE-2007-1660 to these issues. b. Updated net-snmp Service Console package addresses denial of service net-snmp is an implementation of the Simple Network Management Protocol (SNMP). SNMP is used by network management systems to monitor hosts. By default ESX has this service enabled and its ports open on the ESX firewall. A flaw was discovered in the way net-snmp handled certain requests. A remote attacker who can connect to the snmpd UDP port could send a malicious packet causing snmpd to crash, resulting in a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-5846 to this issue. c. Updated OpenPegasus Service Console package fixes overflow condition OpenPegasus is a CIM (Common Information Model) and Web-Based Enterprise Management (WBEM) broker. These protocols are used by network management systems to monitor and control hosts. By default ESX has this service enabled and its ports open on the ESX firewall. A flaw was discovered in the OpenPegasus CIM management server that might allow remote attackers to execute arbitrary code. OpenPegasus when compiled to use PAM and without PEGASUS_USE_PAM_STANDALONE_PROC defined, has a stack-based buffer overflow condition. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-0003 to this issue. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 40377 |
published | 2009-07-27 |
reporter | This script is Copyright (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/40377 |
title | VMSA-2008-0007 : Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus |

NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-1483.NASL |
description | The SNMP agent (snmp_agent.c) in net-snmp before 5.4.1 allows remote attackers to cause a denial of service (CPU and memory consumption) via a GETBULK request with a large max-repeaters value. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 30223 |
published | 2008-02-11 |
reporter | This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/30223 |
title | Debian DSA-1483-1 : net-snmp - design error |

NASL family | Misc. |
NASL id | PULSE_POLICY_SECURE-SA-43730.NASL |
description | According to its self-reported version, the version of Pulse Policy Secure running on the remote host is affected by multiple vulnerabilities. Refer to the vendor advisory for additional information. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 109920 |
published | 2018-05-18 |
reporter | This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/109920 |
title | Pulse Policy Secure Multiple Vulnerabilities (SA43730) |

NASL family | FreeBSD Local Security Checks |
NASL id | FREEBSD_PKG_92F86B93923F11DCA2BF02E081235DAB.NASL |
description | CVE reports : The SNMP agent (snmp_agent.c) in net-snmp before 5.4.1 allows remote attackers to cause a denial of service (CPU and memory consumption) via a GETBULK request with a large max-repeaters value. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 28194 |
published | 2007-11-14 |
reporter | This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/28194 |
title | FreeBSD : net-snmp -- denial of service via GETBULK request (92f86b93-923f-11dc-a2bf-02e081235dab) |

NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2007-1045.NASL |
description | Updated net-snmp packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. Simple Network Management Protocol (SNMP) is a protocol used for network management. A flaw was discovered in the way net-snmp handled certain requests. A remote attacker who can connect to the snmpd UDP port (161 by default) could send a malicious packet causing snmpd to crash, resulting in a denial of service. (CVE-2007-5846) All users of net-snmp are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 28248 |
published | 2007-11-16 |
reporter | This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/28248 |
title | RHEL 3 / 4 / 5 : net-snmp (RHSA-2007:1045) |

NASL family | CentOS Local Security Checks |
NASL id | CENTOS_RHSA-2007-1045.NASL |
description | Updated net-snmp packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. Simple Network Management Protocol (SNMP) is a protocol used for network management. A flaw was discovered in the way net-snmp handled certain requests. A remote attacker who can connect to the snmpd UDP port (161 by default) could send a malicious packet causing snmpd to crash, resulting in a denial of service. (CVE-2007-5846) All users of net-snmp are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 36614 |
published | 2009-04-23 |
reporter | This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/36614 |
title | CentOS 3 / 4 : net-snmp (CESA-2007:1045) |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2008-5224.NASL |
description | - Tue Jun 10 2008 Jan Safranek <jsafranek at redhat.com> 5.4-18 - fix various flaws (CVE-2008-2292 CVE-2008-0960) - Thu Feb 14 2008 Jan Safranek <jsafranek at redhat.com> 5.4-17 - fixing ipNetToMediaNetAddress to show IP address (#432780) - Fri Oct 19 2007 Jan Safranek <jsafranek at redhat.com> 5.4-16 - License: field fixed to |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 33148 |
published | 2008-06-12 |
reporter | This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/33148 |
title | Fedora 7 : net-snmp-5.4-18.fc7 (2008-5224) |

NASL family | Ubuntu Local Security Checks |
NASL id | UBUNTU_USN-564-1.NASL |
description | Bill Trost discovered that snmpd did not properly limit GETBULK requests. A remote attacker could specify a large number of max-repetitions and cause a denial of service via resource exhaustion. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 29920 |
published | 2008-01-10 |
reporter | Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/29920 |
title | Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : net-snmp vulnerability (USN-564-1) |

NASL family | SNMP |
NASL id | SNMP_GETBULK_MAX_REPETITIONS_DOS.NASL |
description | It is possible to disable the remote SNMP daemon by sending a GETBULK request with a large value for |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 27841 |
published | 2007-11-09 |
reporter | This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/27841 |
title | SNMP GETBULK Large max-repetitions Remote DoS |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_NET-SNMP-4753.NASL |
description | This update of net-snmp fixes the following bugs : - default and configurable maximum number of varbinds returnable to a GETBULK request (CVE-2007-5846) - crash when smux peers were configured with empty passwords - the UCD-SNMP-MIB::memCached.0 SNMP object was missing - the snmptrap command from the net-snmp package sends traps per default on the wrong port. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 29882 |
published | 2008-01-08 |
reporter | This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/29882 |
title | openSUSE 10 Security Update : net-snmp (net-snmp-4753) |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2007-3019.NASL |
description | - Fri Oct 19 2007 Jan Safranek <jsafranek at redhat.com> 5.4-16 - License: field fixed to |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 28303 |
published | 2007-11-26 |
reporter | This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/28303 |
title | Fedora 7 : net-snmp-5.4-16.fc7 (2007-3019) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_NET-SNMP-4755.NASL |
description | This update of net-snmp fixes the following bug : - default and configurable maximum number of varbinds returnable to a GETBULK request. (CVE-2007-5846) - crash when smux peers were configured with empty passwords |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 29528 |
published | 2007-12-13 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/29528 |
title | SuSE 10 Security Update : net-snmp (ZYPP Patch Number 4755) |

NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-200711-31.NASL |
description | The remote host is affected by the vulnerability described in GLSA-200711-31 (Net-SNMP: Denial of Service) The SNMP agent (snmpd) does not properly handle GETBULK requests with an overly large |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 28320 |
published | 2007-11-26 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/28320 |
title | GLSA-200711-31 : Net-SNMP: Denial of Service |

NASL family | SuSE Local Security Checks |
NASL id | SUSE9_12022.NASL |
description | This update of net-snmp fixes the following bugs : - Default and configurable maximum number of varbinds returnable to a GETBULK request. (CVE-2007-5846) - Add option to ignore accepted connections. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 41178 |
published | 2009-09-24 |
reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/41178 |
title | SuSE9 Security Update : net-snmp (YOU Patch Number 12022) |

Oval
accepted | 2013-04-29T04:12:44.214-04:00 |
class | vulnerability |
contributors |
definition_extensions |
description | The SNMP agent (snmp_agent.c) in net-snmp before 5.4.1 allows remote attackers to cause a denial of service (CPU and memory consumption) via a GETBULK request with a large max-repeaters value. |
family | unix |
id | oval:org.mitre.oval:def:11258 |
status | accepted |
submitted | 2010-07-09T03:56:16-04:00 |
title | The SNMP agent (snmp_agent.c) in net-snmp before 5.4.1 allows remote attackers to cause a denial of service (CPU and memory consumption) via a GETBULK request with a large max-repeaters value. |
version | 27 |
Redhat
advisories |
rpms |
Seebug
bulletinFamily | exploit |
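description | BUGTRAQ ID: 26378 CVE(CAN) ID: CVE-2007-5846 Net-SNMP is a free, open-source SNMP implementation, formerly known as UCD-SNMP. Net-SNMP has a vulnerability in its handling of malformed SNMP GETBULK requests, which a remote attacker could exploit to make the server unavailable. Net-SNMP does not correctly handle SNMP GETBULK requests: if a remote attacker sends a malformed SNMP GETBULK request containing an overly large max-repetitions field, large amounts of CPU and memory resources may be exhausted. Affected: Net-SNMP net-snmp < 5.4.1 The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://sourceforge.net/projects/net-snmp/ |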
id | SSV:2401 |
last seen | 2017-11-19 |
modified | 2007-11-09 |
published | 2007-11-09 |
reporter | Root |
title | Net-SNMP GETBULK Remote Denial of Service Vulnerability |
References
- http://bugs.gentoo.org/show_bug.cgi?id=198346
- http://lists.vmware.com/pipermail/security-announce/2008/000014.html
- http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/tags/Ext-5-4-1/net-snmp/agent/snmp_agent.c?view=log
- http://osvdb.org/38904
- http://secunia.com/advisories/27558
- http://secunia.com/advisories/27685
- http://secunia.com/advisories/27689
- http://secunia.com/advisories/27733
- http://secunia.com/advisories/27740
- http://secunia.com/advisories/27965
- http://secunia.com/advisories/28413
- http://secunia.com/advisories/28825
- http://secunia.com/advisories/29785
- http://security.gentoo.org/glsa/glsa-200711-31.xml
- http://sourceforge.net/project/shownotes.php?release_id=528095&group_id=12694
- http://sourceforge.net/tracker/index.php?func=detail&aid=1712988&group_id=12694&atid=112694
- http://www.debian.org/security/2008/dsa-1483
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:225
- http://www.novell.com/linux/security/advisories/2007_25_sr.html
- http://www.redhat.com/support/errata/RHSA-2007-1045.html
- http://www.securityfocus.com/archive/1/490917/100/0/threaded
- http://www.securityfocus.com/bid/26378
- http://www.securitytracker.com/id?1018918
- http://www.ubuntu.com/usn/usn-564-1
- http://www.vupen.com/english/advisories/2007/3802
- http://www.vupen.com/english/advisories/2008/1234/references
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43730
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11258
- https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00613.html