A customer has reported that a certain UDP packet can cause net-snmp to crash
(after using a lot of CPU/memory). This was traced to the following issue,
already fixed upstream in net-snmp:
A remote attacker who can connect to the snmpd UDP port (161 by default) could
send a malicious packet causing snmpd to crash, a denial of service.
CVE name applied for (as public issue)
Verified this issue affects RHEL 4 and 5. Issue may affect RHEL 3 (testing so far
inconclusive). We will create an async security update to address this issue.
Now public via CVE, removing embargo.
This issue was addressed in:
Red Hat Enterprise Linux:
Fedora 8 ships with fixed upstream version net-snmp-5.4.1