Bugzilla – Bug 867349
VUL-0: CVE-2014-2310: net-snmp: agentx incorrect handling of multi-object DoS
Last modified: 2018-10-19 18:18:02 UTC
via oss-sec From: Raphael Geissert <geissert@debian.org> Date: Thu, 6 Mar 2014 15:22:07 +0100 Subject: [oss-security] CVE request: net-snmp agentx incorrect handling of multi-object requests DoS Hi, It was found that the AgentX subagent of net-snmp can be stalled when a manager sends a multi-object request with a different number of subids. From the Debian bug report: > This happens if one of the requested OID is larger than the previous one: > > agentx/master: request for variable (iso.3.6.1.2.1.2.2.1.7.7) > agentx/master: request for variable (iso.3.6.1.2.1.2.2.1.2.10) > agentx/master: request for variable (iso.3.6.1.2.1.2.2.1.8.7) > agentx/master: request for variable (iso.3.6.1.3.53.5.5.2.1.3.101) > > First three OID contain 11 subid while the next one has 12 subid. Resulting error message from the subagent: > agentx: Oversized Object ID The bug is fixed upstream for the 5.4 branch in 5.4.4. From the upstream bug report this was also fixed in the 5.3 branch but I don't know on what specific version. Could a CVE id be assigned? Thanks Upstream bug report: http://sourceforge.net/p/net-snmp/patches/1113/ More explicit impact: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684388 Cheers, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net References: http://comments.gmane.org/gmane.comp.security.oss.general/12298 http://sourceforge.net/p/net-snmp/patches/1113/ https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684388
bugbot adjusting priority
CVE-2014-2310
All SLE versions are affected. openSUSE is not affected.
The SWAMPID for this issue is 56659. This issue was rated as moderate. Please submit fixed packages until 2014-03-28. When done, please reassign the bug to security-team@suse.de. Patchinfo will be handled by security team.
CVE-2014-2310: agentx incorrect handling of multi-object DoS * I was not able to reproduce this problem, but the code change is clear.
Update released for: net-snmp, net-snmp-devel, perl-SNMP Products: SUSE-CORE 9-SP3-TERADATA (x86_64)
Update released for: libsnmp15, net-snmp, net-snmp-debuginfo, net-snmp-debugsource, net-snmp-devel, perl-SNMP, snmp-mibs Products: SLE-DEBUGINFO 11-SP1-TERADATA (x86_64) SLE-SERVER 11-SP1-TERADATA (x86_64)
Update released for: net-snmp, net-snmp-debuginfo, net-snmp-devel, perl-SNMP Products: SLE-DEBUGINFO 10-SP3-TERADATA (x86_64) SLE-SERVER 10-SP3-TERADATA (x86_64)
Update released for: libsnmp15, libsnmp15-32bit, libsnmp15-64bit, libsnmp15-x86, net-snmp, net-snmp-debuginfo, net-snmp-debugsource, net-snmp-devel, perl-SNMP, snmp-mibs Products: SLE-DEBUGINFO 11-SP3 (i386, ia64, ppc64, s390x, x86_64) SLE-DESKTOP 11-SP3 (i386, x86_64) SLE-SDK 11-SP3 (i386, ia64, ppc64, s390x, x86_64) SLE-SERVER 11-SP3 (i386, ia64, ppc64, s390x, x86_64) SLES4VMWARE 11-SP3 (i386, x86_64)
Fixed and released. Closing bug.
SUSE-SU-2014:0524-1: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 866942,867349 CVE References: CVE-2014-2284,CVE-2014-2310 Sources used: SUSE Linux Enterprise Software Development Kit 11 SP3 (src): net-snmp-5.4.2.1-8.12.20.1 SUSE Linux Enterprise Server 11 SP3 for VMware (src): net-snmp-5.4.2.1-8.12.20.1 SUSE Linux Enterprise Server 11 SP3 (src): net-snmp-5.4.2.1-8.12.20.1 SUSE Linux Enterprise Desktop 11 SP3 (src): net-snmp-5.4.2.1-8.12.20.1
*** Bug 886038 has been marked as a duplicate of this bug. ***