Net-SNMP GETBULK Remote Denial of Service Vulnerability
BID:26378
Info
Net-SNMP GETBULK Remote Denial of Service Vulnerability
| Bugtraq ID: | 26378 |
| Class: | Input Validation Error |
| CVE: |
CVE-2007-5846 |
| Remote: | Yes |
| Local: | No |
| Published: | May 04 2007 12:00AM |
| Updated: | Apr 18 2008 12:28AM |
| Credit: | The vendor disclosed this vulnerability. |
| Vulnerable: |
VMWare ESX Server 3.5 Ubuntu Ubuntu Linux 7.10 sparc Ubuntu Ubuntu Linux 7.10 powerpc Ubuntu Ubuntu Linux 7.10 i386 Ubuntu Ubuntu Linux 7.10 amd64 Ubuntu Ubuntu Linux 7.04 sparc Ubuntu Ubuntu Linux 7.04 powerpc Ubuntu Ubuntu Linux 7.04 i386 Ubuntu Ubuntu Linux 7.04 amd64 Ubuntu Ubuntu Linux 6.10 sparc Ubuntu Ubuntu Linux 6.10 powerpc Ubuntu Ubuntu Linux 6.10 i386 Ubuntu Ubuntu Linux 6.10 amd64 Ubuntu Ubuntu Linux 6.06 LTS sparc Ubuntu Ubuntu Linux 6.06 LTS powerpc Ubuntu Ubuntu Linux 6.06 LTS i386 Ubuntu Ubuntu Linux 6.06 LTS amd64 SuSE SUSE Linux Enterprise Server 8 SuSE SUSE Linux Enterprise Server 10 SP1 SuSE SUSE Linux Enterprise Server 10 SuSE SUSE Linux Enterprise SDK 9 SuSE SUSE Linux Enterprise SDK 10.SP1 SuSE SUSE Linux Enterprise SDK 10 SuSE Suse Linux Enterprise Desktop 10 SP1 SuSE Suse Linux Enterprise Desktop 10 SuSE SUSE Linux Enterprise 10 SP1 DEBUGINFO SuSE Linux Enterprise Server 10.SP1 SuSE Linux Enterprise Server 10 S.u.S.E. UnitedLinux 1.0 S.u.S.E. SuSE Linux School Server for i386 S.u.S.E. SUSE LINUX Retail Solution 8.0 S.u.S.E. SuSE Linux Openexchange Server 4.0 S.u.S.E. openSUSE 10.3 S.u.S.E. openSUSE 10.2 S.u.S.E. openSUSE 10.1 S.u.S.E. Open-Enterprise-Server 0 S.u.S.E. Novell Linux POS 9 S.u.S.E. Novell Linux Desktop 9 S.u.S.E. Linux Professional 10.0 OSS S.u.S.E. Linux Professional 10.0 S.u.S.E. Linux Professional 10.2 X86 64 S.u.S.E. Linux Professional 10.2 S.u.S.E. Linux Professional 10.1 S.u.S.E. Linux Personal 10.0 OSS S.u.S.E. Linux Personal 10.2 X86 64 S.u.S.E. Linux Personal 10.2 S.u.S.E. Linux Personal 10.1 Redhat Fedora 7 Redhat Enterprise Linux WS 4 Redhat Enterprise Linux WS 3 Redhat Enterprise Linux ES 4 Redhat Enterprise Linux ES 3 Redhat Enterprise Linux Desktop Workstation 5 client Redhat Enterprise Linux Desktop 5 client Redhat Enterprise Linux AS 4 Redhat Enterprise Linux AS 3 Redhat Enterprise Linux 5 Server Redhat Desktop 4.0 Redhat Desktop 3.0 Net-SNMP ucd-snmp 4.2.5 Net-SNMP ucd-snmp 4.2.3 Net-SNMP ucd-snmp 4.2.2 Net-SNMP ucd-snmp 4.2.1 Net-SNMP ucd-snmp 4.1.2 Net-SNMP ucd-snmp 4.1.1 Net-SNMP Net-SNMP 5.3 Net-SNMP Net-SNMP 5.2.2 Net-SNMP Net-SNMP 5.2.1 .2 Net-SNMP Net-SNMP 5.2.1 Net-SNMP Net-SNMP 5.2 Net-SNMP Net-SNMP 5.1.3 Net-SNMP Net-SNMP 5.1.2 Net-SNMP Net-SNMP 5.1.1 Net-SNMP Net-SNMP 5.1 Net-SNMP Net-SNMP 5.0.10 .2 Net-SNMP Net-SNMP 5.0.9 Net-SNMP Net-SNMP 5.0.8 Net-SNMP Net-SNMP 5.0.7 Net-SNMP Net-SNMP 5.0.6 Net-SNMP Net-SNMP 5.0.5 Net-SNMP Net-SNMP 5.0.4 .pre2 Net-SNMP Net-SNMP 5.0.3 Net-SNMP Net-SNMP 5.0.1 Net-SNMP Net-SNMP 5.3.0.1 Mandriva Linux Mandrake 2007.1 x86_64 Mandriva Linux Mandrake 2007.1 Mandriva Linux Mandrake 2007.0 x86_64 Mandriva Linux Mandrake 2007.0 MandrakeSoft Multi Network Firewall 2.0 MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 MandrakeSoft Corporate Server 4.0 Gentoo Linux Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha Debian Linux 4.0 |
| Not Vulnerable: |
Net-SNMP Net-SNMP 5.4.1 |
Discussion
Net-SNMP GETBULK Remote Denial of Service Vulnerability
Net-SNMP is prone to a remote denial-of-service vulnerability.
Successfully exploiting this issue allows remote attackers to cause denial-of-service conditions.
This issue affects versions prior to Net-SNMP 5.4.1.
Net-SNMP is prone to a remote denial-of-service vulnerability.
Successfully exploiting this issue allows remote attackers to cause denial-of-service conditions.
This issue affects versions prior to Net-SNMP 5.4.1.
Exploit / POC
Net-SNMP GETBULK Remote Denial of Service Vulnerability
An attacker can use readily available network tools to exploit this issue.
An attacker can use readily available network tools to exploit this issue.
Solution / Fix
Net-SNMP GETBULK Remote Denial of Service Vulnerability
Solution:
The vendor has released Net-SNMP 5.4.1 to address this issue. Please see the references for more information and advisories.
VMWare ESX Server 3.5
Solution:
The vendor has released Net-SNMP 5.4.1 to address this issue. Please see the references for more information and advisories.
VMWare ESX Server 3.5
-
VMWare ESX350-200803214-UG
http://download3.vmware.com/software/esx/ESX350-200803214-UG.zip
References
Net-SNMP GETBULK Remote Denial of Service Vulnerability
References:
References: