From: SourceForge.net <no...@so...> - 2008-12-07 03:47:52
Bugs item #1712988, was opened at 2007-05-04 18:13
Message generated for change (Comment added) made by nobody
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=112694&aid=1712988&group_id=12694

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.

Category: agent
Group: None
Status: Closed
Resolution: Fixed
Priority: 5
Private: No
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Wes Hardaker (hardaker)
Summary: GETBULK with large max-repeaters DoS [CVE-2007-5846]

Initial Comment:
By executing the command

    snmpbulkwalk -C r240000 192.168.103.94

I was able to bring a fellow developer's system (running Linux 2.4.25 on a Power PC) to a stand-still as the SNMP agent (version 5.4) consumed all available memory and CPU trying unsuccessfully to process the request.

This problem report resembles report 1206723, which appears to have been summarily closed without resolution.

I would guess fixing this problem should be as simple as capping max-repeaters to some reasonably small value (aiming for a limit of, say, 16 Kbytes, perhaps).

Bill Trost <bt...@mo...>

----------------------------------------------------------------------

Comment By: Nobody/Anonymous (nobody)
Date: 2008-12-07 03:47

Message:
3Kjtjm <a href="http://qzhvasplwotc.com/">qzhvasplwotc</a>, [url=http://kbxnwbbyjwvy.com/]kbxnwbbyjwvy[/url], [link=http://whwemvamoqpt.com/]whwemvamoqpt[/link], http://ukspzkfqelnc.com/

----------------------------------------------------------------------

Comment By: Thomas Anders (tanders)
Date: 2007-11-12 11:26

Message:
Logged In: YES
user_id=848638
Originator: NO

Tagged as CVE-2007-5846. See http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5846 .

----------------------------------------------------------------------

Comment By: Wes Hardaker (hardaker)
Date: 2007-05-07 16:45

Message:
Logged In: YES
user_id=76242
Originator: NO

Try the following patch, which sets (configurable) limits on how getbulk requests are handled.

Oh, and do me a favor and tell your coworker that he/she shouldn't be giving you access to his/her machine as you've proven that you can't be trusted with it! (humor, of course)

Will be applied to the various trees.

File Added: maxreps.patch

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=112694&aid=1712988&group_id=12694
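The thread above describes the mechanism (a GETBULK whose max-repetitions field is huge makes the agent allocate a response proportional to non-repeaters + repeaters * max-repetitions) and the fix (clamp the repetition count before the response is built). The following C program is an added illustration of that clamping logic; it is not the maxreps.patch from the thread and not net-snmp code. The two limits, their default values of 100, and the function names are assumptions chosen for the example; a value of 0 models the unlimited pre-fix behaviour.

```c
#include <limits.h>
#include <stdio.h>

/* Limits an agent applies before sizing a GETBULK response.
 * 0 means "no limit", which models the agent before the fix.
 * (Hypothetical names and defaults, not net-snmp's configuration.) */
struct getbulk_limits {
    long max_repeats;    /* cap on the request's max-repetitions field */
    long max_responses;  /* cap on the total varbinds in one response */
};

const struct getbulk_limits GETBULK_NO_LIMITS = { 0, 0 };
const struct getbulk_limits GETBULK_DEFAULT_LIMITS = { 100, 100 };

/* Number of repetitions the agent will actually honour.
 * non_repeaters and max_repetitions are the GETBULK PDU fields,
 * varbinds is the number of OIDs carried in the request. */
long getbulk_effective_repeats(const struct getbulk_limits *lim,
                               long non_repeaters, long max_repetitions,
                               long varbinds)
{
    long repeaters, total;

    /* RFC 3416: negative field values are treated as zero. */
    if (non_repeaters < 0)        non_repeaters = 0;
    if (max_repetitions < 0)      max_repetitions = 0;
    if (non_repeaters > varbinds) non_repeaters = varbinds;
    repeaters = varbinds - non_repeaters;
    if (repeaters == 0)
        return 0;                 /* nothing to repeat, nothing to cap */

    /* First cap: the repetition count itself. */
    if (lim->max_repeats > 0 && max_repetitions > lim->max_repeats)
        max_repetitions = lim->max_repeats;

    /* Second cap: the whole response, non-repeaters included.
     * Guard the multiplication so a crafted request cannot wrap it. */
    if (max_repetitions > LONG_MAX / repeaters)
        total = LONG_MAX;
    else
        total = non_repeaters + repeaters * max_repetitions;
    if (lim->max_responses > 0 && total > lim->max_responses) {
        long room = lim->max_responses - non_repeaters;
        max_repetitions = room > 0 ? room / repeaters : 0;
    }
    return max_repetitions;
}

/* Varbinds the response will carry, i.e. what the agent must allocate. */
long getbulk_response_size(const struct getbulk_limits *lim,
                           long non_repeaters, long max_repetitions,
                           long varbinds)
{
    long reps = getbulk_effective_repeats(lim, non_repeaters,
                                          max_repetitions, varbinds);
    if (non_repeaters < 0)        non_repeaters = 0;
    if (non_repeaters > varbinds) non_repeaters = varbinds;
    return non_repeaters + (varbinds - non_repeaters) * reps;
}

int main(void)
{
    /* The request from the report: one OID, max-repetitions 240000. */
    printf("unlimited agent: %ld varbinds\n",
           getbulk_response_size(&GETBULK_NO_LIMITS, 0, 240000, 1));
    printf("capped agent:    %ld varbinds\n",
           getbulk_response_size(&GETBULK_DEFAULT_LIMITS, 0, 240000, 1));
    return 0;
}
```

With the unlimited settings the single-OID request in the report turns into a 240000-varbind response, which is the allocation that exhausted the agent; with both caps at 100 the same request yields 100 varbinds, and a request with more repeaters or with non-repeaters is cut further so the whole response stays within the second cap.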