#1816 GETBULK with large max-repeaters DoS [CVE-2007-5846]

closed
agent (1105)
5
2012-11-08
2007-05-04
Anonymous
No

By executing the command

snmpbulkwalk -C r240000 192.168.103.94

I was able to bring a fellow developer's system (running Linux 2.4.25 on a PowerPC) to a stand-still as the SNMP agent (version 5.4) consumed all available memory and CPU trying unsuccessfully to process the request.

This problem report resembles report 1206723, which appears to have been summarily closed without resolution. I would guess fixing this problem should be as simple as capping max-repeaters to some reasonably small value (aiming for a limit of, say, 16 Kbytes, perhaps).

Bill Trost btrost@motorola.com

Discussion

  • Wes Hardaker

    Wes Hardaker - 2007-05-07

    Logged In: YES
    user_id=76242
    Originator: NO

    try the following patch, which sets (configurable) limits on how getbulk requests are handled.

    Oh, and do me a favor and tell your coworker that he/she shouldn't be giving you access to his/her machine as you've proven that you can't be trusted with it! (humor, of course)

    Will be applied to the various trees.
    File Added: maxreps.patch

     
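The kind of cap the patch above introduces, sketched as an added C example that is not Net-SNMP's code and not part of this thread: the repetition count and the total number of varbinds in a GETBULK response are bounded by two configurable limits before anything is allocated, so a request like `-C r240000` can no longer drive allocation. The limit values, the function name and the defaults are assumptions made for the illustration.

```c
#include <stdio.h>

/* Constructed defaults for the example; a real agent would read these
 * from its configuration rather than hard-code them. */
#define MAX_GETBULK_REPEATS   100  /* cap on max-repetitions per request */
#define MAX_GETBULK_RESPONSES 100  /* cap on varbinds in one response   */

/* Decide how many repetitions a GETBULK request will actually get.
 * Inputs are the request's non-repeaters N, max-repetitions M and the
 * number of varbinds it carries. Unbounded, the agent would try to
 * build N + (nvars - N) * M entries, which is what M = 240000 exhausts.
 * Returns the bounded repetition count and, via out_total, the number
 * of varbinds the response will hold. */
long getbulk_bounded_repeats(long non_repeaters, long max_repetitions,
                             long nvars, long *out_total)
{
    long repeaters, reps;

    /* Sanitise the request fields: negatives become 0, and the
     * non-repeaters count can never exceed the varbinds supplied. */
    if (non_repeaters < 0)     non_repeaters = 0;
    if (max_repetitions < 0)   max_repetitions = 0;
    if (non_repeaters > nvars) non_repeaters = nvars;
    repeaters = nvars - non_repeaters;

    /* First bound: the repetition count itself. */
    reps = max_repetitions;
    if (reps > MAX_GETBULK_REPEATS)
        reps = MAX_GETBULK_REPEATS;

    /* Second bound: the total response size, so many repeating
     * varbinds cannot multiply a modest M into a huge response. */
    if (repeaters > 0) {
        long room = MAX_GETBULK_RESPONSES - non_repeaters;
        if (room < 0) room = 0;
        if (reps > room / repeaters)
            reps = room / repeaters;
    }

    if (out_total)
        *out_total = non_repeaters + repeaters * reps;
    return reps;
}

int main(void)
{
    /* The reporter's request: one varbind, no non-repeaters, M = 240000. */
    long total;
    long reps = getbulk_bounded_repeats(0, 240000, 1, &total);
    printf("repetitions used: %ld, varbinds allocated: %ld\n", reps, total);
    return 0;
}
```

The released fix in Net-SNMP exposes the same two knobs as the `maxGetbulkRepeats` and `maxGetbulkResponses` tokens in snmpd.conf; the example's constants stand in for those settings.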
  • Wes Hardaker

    Wes Hardaker - 2007-05-07
     
  • Thomas Anders

    Thomas Anders - 2007-11-12

    Logged In: YES
    user_id=848638
    Originator: NO

    Tagged as CVE-2007-5846. See http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5846 .

     
