Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 6 Mar 2014 15:22:07 +0100
From: Raphael Geissert <geissert@...ian.org>
To: oss-security@...ts.openwall.com
Subject: CVE request: net-snmp agentx incorrect handling of multi-object
 requests DoS

Hi,

It was found that the AgentX subagent of net-snmp can be stalled when
a manager sends a multi-object request with a different number of
subids. From the Debian bug report:

> This happens if one of the requested OID is larger than the previous one:
>
> agentx/master: request for variable (iso.3.6.1.2.1.2.2.1.7.7)
> agentx/master: request for variable (iso.3.6.1.2.1.2.2.1.2.10)
> agentx/master: request for variable (iso.3.6.1.2.1.2.2.1.8.7)
> agentx/master: request for variable (iso.3.6.1.3.53.5.5.2.1.3.101)
>
> First three OID contain 11 subid while the next one has 12 subid.

Resulting error message from the subagent:
> agentx: Oversized Object ID

The bug is fixed upstream for the 5.4 branch in 5.4.4. From the
upstream bug report this was also fixed in the 5.3 branch but I don't
know on what specific version.

Could a CVE id be assigned?

Thanks

Upstream bug report:
http://sourceforge.net/p/net-snmp/patches/1113/
More explicit impact:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684388

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ