Bug 363631 - (CVE-2007-5846) CVE-2007-5846 net-snmp remote DoS via udp packet
Product: Security Response
Classification: Other
Component: vulnerability
Hardware: All, OS: Linux
Priority: high, Severity: high
Assigned To: Jan Safranek
: Security
Depends On: 366591 366601 366611 366621 366631 411721
Reported: 2007-11-02 07:59 EDT by Jatin Nansi
Modified: 2016-03-01 04:27 EST
Doc Type: Bug Fix
Last Closed: 2008-01-14 07:39:37 EST
Comment 9 Mark J. Cox (Product Security) 2007-11-05 06:27:56 EST
A customer has reported that a certain udp packet can cause net-snmp to crash
(after using a lot of CPU/memory).  This was traced to the following issue
already fixed upstream in net-snmp:


A remote attacker who can connect to the snmpd UDP port (161 by default) could
send a malicious package causing snmpd to crash, a denial of service.

CVE name applied for (as public issue)

Verified this issue affects rhel4,5.  Issue may affect rhel3 (testing so far
inconclusive).  We will create an async security update to address this issue.

Comment 10 Mark J. Cox (Product Security) 2007-11-07 04:31:21 EST
Now public via CVE, removing embargo.

Comment 16 Red Hat Product Security 2008-01-14 07:39:37 EST
This issue was addressed in:

Red Hat Enterprise Linux:

  Fedora 8 ships with fixed upstream version net-snmp-5.4.1
