Bug 1074631 – CVE-2014-2310 net-snmp: AgentX incorrectly handles multi-object requests leading to DoS

Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.

Bug 1074631 - (CVE-2014-2310) CVE-2014-2310 net-snmp: AgentX incorrectly handles multi-object requests leading to DoS

Summary:	CVE-2014-2310 net-snmp: AgentX incorrectly handles multi-object requests lead...

Status:	CLOSED NOTABUG

Aliases:	CVE-2014-2310

Product:	Security Response
Classification:	Other
Component:	vulnerability (Show other bugs)
Sub Component:
Version:	unspecified
Hardware:	All Linux

Priority	medium Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	Red Hat Product Security
QA Contact:
Docs Contact:

URL:
Whiteboard:	impact=moderate,public=20140306,repor...
Keywords:	Security

Depends On:
Blocks:	1070397
	Show dependency tree / graph

Reported:	2014-03-10 13:24 EDT by Vincent Danen
Modified:	2014-03-14 02:24 EDT (History)
CC List:	5 users (show)

See Also:
Fixed In Version:	net-snmp 5.4.4
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2014-03-14 02:24:43 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Vincent Danen 2014-03-10 13:24:27 EDT

It was reported [1],[2]that the AgentX subagent of net-snmp could be stalled when a manager sent a multi-object request with a different number subids.  This could lead to a denial of service.

This has been corrected upstream in version 5.4.4 [3]; only earlier versiona are affected.  This means that Fedora and Red Hat Enterprise Linux 6 are not affected, however Red Hat Enterprise Linux 5 does ship a vulnerable version (5.3.x).

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684388
[2] http://seclists.org/oss-sec/2014/q1/513
[3] http://sourceforge.net/p/net-snmp/patches/1113/


Statement:

This issue did not affect the version of the net-snmp packages as shipped with Red Hat Enterprise Linux 6.

Comment 1 Jan Safranek 2014-03-11 04:34:39 EDT

I don't understand how this bug can lead to DoS. Sure, AgentX subagent won't parse certain GETNEXT messages, but it does not crash, it just reports ordinary error code.

And looking at the code, Net-SNMP as in RHEL 6.6 has the same bug.

Comment 3 Huzaifa S. Sidhpurwala 2014-03-14 02:22:49 EDT

After analyzing this issue, it seems the only impact of this flaw would be denial of response to the attacker who initially sent the crafted request. It does not lead to denial of service to other users or daemon crash.

Therefore this is not a security flaw.

Comment 4 Huzaifa S. Sidhpurwala 2014-03-14 02:24:43 EDT

Statement:

The Red Hat Security Response Team does not consider this issue to be a security flaw. For more information please refer to https://bugzilla.redhat.com/show_bug.cgi?id=1074631#c3

Note You need to log in before you can comment on or make changes to this bug.