Bug 363631 (CVE-2007-5846)

Summary: CVE-2007-5846 net-snmp remote DoS via udp packet
Product: [Other] Security Response Reporter: Jatin Nansi <jnansi>
Component: vulnerabilityAssignee: Jan Safranek <jsafrane>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: jrusnack, kreilly, tao
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-01-14 12:39:37 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 366591, 366601, 366611, 366621, 366631, 411721    
Bug Blocks:    

Comment 9 Mark J. Cox 2007-11-05 11:27:56 UTC 
A customer has reported that a certain udp packet can cause net-snmp to crash
(after using a lot of CPU/memory).  This was traced to the following issue
already fixed upstream in net-snmp:

http://sourceforge.net/tracker/index.php?func=detail&aid=1712988&group_id=12694&atid=112694

A remote attacker who can connect to the snmpd UDP port (161 by default) could
send a malicious package causing snmpd to crash, a denial of service.

CVE name applied for (as public issue)

Verified this issue affects rhel4,5.  Issue may affect rhel3 (testing so far
inconclusive).  We will create an async security update to address this issue.
Comment 10 Mark J. Cox 2007-11-07 09:31:21 UTC 
now public via CVE, removing embargo.
Comment 16 Red Hat Product Security 2008-01-14 12:39:37 UTC 
This issue was addressed in:

Red Hat Enterprise Linux:
  http://rhn.redhat.com/errata/RHSA-2007-1045.html

Fedora:
  https://admin.fedoraproject.org/updates/F7/FEDORA-2007-3019
  Fedora 8 ships with fixed upstream version net-snmp-5.4.1