[Pkg-net-snmp-devel] Bug#504150: snmpd: DoS in getbulk handling code in net-snmp
steffen.joeris at skolelinux.de
Sat Nov 1 06:51:04 UTC 2008
Tags: security, patch
Justification: user security hole
The following announcement has been released by net-snmp upstream:
SECURITY ISSUE: A bug in the getbulk handling code could let anyone
with even minimal access crash the agent. If you have open access
to your snmp agents (bad bad bad; stop doing that!) or if you don't
trust everyone that does have access to your agents you should
updated immediately to prevent potential denial of service attacks.
You can find the upstream patch here, which applies fine to the sid
Once we get a CVE id for this issue, I'll forward it to this bugreport.
For lenny, I guess an upload to sid with high urgency should be sufficient.
I'll email you soon about the stable situation.
More information about the Pkg-net-snmp-devel