
List:       net-snmp-bugs
Subject:    [ net-snmp-Bugs-2205039 ] CVE-2008-4309: GETBULK max-repetitions
From:       "SourceForge.net" <noreply () sourceforge ! net>
Date:       2008-12-07 3:48:33
Message-ID: E1L9AdF-0008B1-Eh () d55xhf1 ! ch3 ! sourceforge ! com

Bugs item #2205039, was opened at 2008-10-28 18:58
Message generated for change (Comment added) made by nobody
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=112694&aid=2205039&group_id=12694

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: security
Group: linux
Status: Closed
Resolution: Fixed
Priority: 8
Private: No
Submitted By: Zero Day Initiative (zdi-disclosures)
Assigned to: Nobody/Anonymous (nobody)
Summary: CVE-2008-4309: GETBULK max-repetitions Denial of Service

Initial Comment:
ZDI-CAN-395:

In accordance with our disclosure policy we are writing to inform you of
a security vulnerability affecting:

    Net-SNMP Net-SNMP

The details of the issue are available in the attached advisory.

This vulnerability was processed through the Zero Day Initiative (ZDI),
an initiative launched by TippingPoint. The ZDI is designed to reward
security researchers for responsibly disclosing discovered
vulnerabilities. Further information regarding the ZDI is available at:

    http://www.zerodayinitiative.com

Please confirm receipt of this report within 5 business days. We wish to
coordinate a public release date for this information once a patch has
been developed and made publicly available. Please keep us updated
regarding the status of this issue and feel free to contact us at any
time.

The PGP key used for all ZDI vendor communications is available from:

    http://www.zerodayinitiative.com/documents/zdi-pgp-key.asc

Thank you for your time.



----------------------------------------------------------------------


Comment By: Thomas Anders (tanders)
Date: 2008-11-01 00:01

Message:
See SVN Revision 17272. The security releases for the older branches are
5.3.2.3 and 5.2.5.1.

----------------------------------------------------------------------

Comment By: Wes Hardaker (hardaker)
Date: 2008-10-31 17:02

Message:
Fixed in version 5.4.2.1 and others; thanks for the report!

----------------------------------------------------------------------

Comment By: Jan Safranek (jsafranek)
Date: 2008-10-31 14:43

Message:
Is the bug exploitable for code execution? If we allocate too short a buffer
and we write beyond its boundary, is it ensured that the attacker cannot
influence what gets written there? Looking into the code I can see it's an
array of pointers, so it looks safe to me, but I'd like to hear your
opinions too.

----------------------------------------------------------------------

Comment By: Wes Hardaker (hardaker)
Date: 2008-10-30 04:26

Message:
Will do, thanks for providing the name.

----------------------------------------------------------------------

Comment By: Zero Day Initiative (zdi-disclosures)
Date: 2008-10-29 16:55

Message:
It looks like you're right about the incorrect analysis, sorry for the
oversight there. If you release an advisory/changelog credit, can you make
sure to credit Oscar Mira-Sanchez and not the Zero Day Initiative?

----------------------------------------------------------------------

Comment By: Wes Hardaker (hardaker)
Date: 2008-10-28 23:37

Message:
I haven't checked the attached patch, but I do agree the code as is has the
problem stated.

However! Part of the analysis is wrong. Namely, the part that says
"Authentication is not required to exploit this vulnerability." isn't true.
You MUST have a valid path to get into the agent (i.e., a valid SNMPv3 user
or a valid SNMPv2c community name). If you don't have these, you can't get
in.

The issue still exists for insider attacks, however, but can't be
exploited by just anyone.



----------------------------------------------------------------------

Comment By: Magnus Fromreide (magfr)
Date: 2008-10-28 22:58

Message:
I think the attached patch solves the problem but I would like to get a
second opinion.

Proposed for 5.2--HEAD
File Added: patch-2205039

----------------------------------------------------------------------
