Red Hat Bugzilla – Bug 163688
CAN-2005-2177 net-snmp denial of service
Last modified: 2007-11-30 17:07:19 EST
+++ This bug was initially created as a clone of Bug #162907 +++
This text comes from this message:
From: Wes Hardaker
A security vulnerability has been found in Net-SNMP releases that
could allow a denial of service attack against Net-SNMP agent"s which
have opened a stream based protocol (EG, TCP but not UDP; it should be
noted that Net-SNMP does not by default open a TCP port). Because of
this, we"ve immediately released a number of Net-SNMP versions
(220.127.116.11, 5.1.3, and 18.104.22.168) to fix this problem in the various
Net-SNMP branches. Most of these versions are minor patches from a
previous release, but since we were so close to releasing 5.1.3 anyway
we decided to do a full release of that rather than an incremental
release from the 5.1.2 release.
Adding on ProposedList, ACKs should be same as for Bug #162907 .
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.