[Pkg-net-snmp-devel] Bug#504150: snmpd: DoS in getbulk handling code in net-snmp

Steffen Joeris steffen.joeris at skolelinux.de
Sat Nov 1 06:51:04 UTC 2008

Package: snmpd
Severity: grave
Tags: security, patch
Justification: user security hole


The following announcement has been released by net-snmp upstream:

SECURITY ISSUE: A bug in the getbulk handling code could let anyone
with even minimal access crash the agent. If you have open access 
to your snmp agents (bad bad bad; stop doing that!) or if you don't 
trust everyone that does have access to your agents you should 
update immediately to prevent potential denial of service attacks.

You can find the upstream patch here[0], which applies fine to the sid

Once we get a CVE id for this issue, I'll forward it to this bugreport.

For lenny, I guess an upload to sid with high urgency should be sufficient.
I'll email you soon about the stable situation.


[0]: http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/tags/Ext-5-4-2-1/net-snmp/agent/snmp_agent.c?view=patch&r1=17272&r2=17271&pathrev=17272
