#1816 GETBULK with large max-repeaters DoS [CVE-2007-5846]

closed
Wes Hardaker
agent (1104)
5
2012-11-08
2007-05-04
Anonymous
No

By executing the command

snmpbulkwalk -C r240000 192.168.103.94

I was able to bring a fellow developer's system (running Linux 2.4.25 on a Power PC) to a stand-still as the SNMP agent (version 5.4) consumed all available memory and CPU trying unsuccessfully process the request.

This problem report resembles report 1206723, which appears to have been summarily closed without resolution. I would guess fixing this problem should be as simple as capping max-repeaters to some reasonably small value (aiming for a limit of, say, 16 Kbytes, perhaps).

Bill Trost btrost@motorola.com

Discussion

  • Wes Hardaker
    Wes Hardaker
    2007-05-07

    Logged In: YES
    user_id=76242
    Originator: NO

    try the following patch, which sets (configurable) limits on how getbulk requests are handled.

    Oh, and do me a favor and tell your coworker that he/she shouldn't be giving you access to his/her machine as you've proven that you can't be trusted with it! (humor, of course)

    Will be applied to the various trees.
    File Added: maxreps.patch

     
  • Wes Hardaker
    Wes Hardaker
    2007-05-07

     
    Attachments
  • 3Kjtjm qzhvasplwotc, [url=http://kbxnwbbyjwvy.com/]kbxnwbbyjwvy[/url], [link=http://whwemvamoqpt.com/]whwemvamoqpt[/link], http://ukspzkfqelnc.com/