ID CVE-2007-5846
Summary The SNMP agent (snmp_agent.c) in net-snmp before 5.4.1 allows remote attackers to cause a denial of service (CPU and memory consumption) via a GETBULK request with a large max-repeaters value.
References
Vulnerable Configurations
  • cpe:2.3:a:net-snmp:net-snmp:5.4.1
CVSS
Base: 7.8 (as of 07-11-2007 - 20:11)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
Vector Complexity Authentication
NETWORK LOW NONE
Impact
Confidentiality Integrity Availability
NONE NONE COMPLETE
nessus via4
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2008-0007.NASL
    description
      a. Updated pcre Service Console package addresses several security issues
         The pcre package contains the Perl-Compatible Regular Expression library. pcre is used by various Service Console utilities. Several security issues were discovered in the way PCRE handles regular expressions. If an application linked against PCRE parsed a malicious regular expression, it may have been possible to run arbitrary code as the user running the application. VMware would like to thank Ludwig Nussel for reporting these issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2006-7228 and CVE-2007-1660 to these issues.
      b. Updated net-snmp Service Console package addresses denial of service
         net-snmp is an implementation of the Simple Network Management Protocol (SNMP). SNMP is used by network management systems to monitor hosts. By default ESX has this service enabled and its ports open on the ESX firewall. A flaw was discovered in the way net-snmp handled certain requests. A remote attacker who can connect to the snmpd UDP port could send a malicious packet causing snmpd to crash, resulting in a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-5846 to this issue.
      c. Updated OpenPegasus Service Console package fixes overflow condition
         OpenPegasus is a CIM (Common Information Model) and Web-Based Enterprise Management (WBEM) broker. These protocols are used by network management systems to monitor and control hosts. By default ESX has this service enabled and its ports open on the ESX firewall. A flaw was discovered in the OpenPegasus CIM management server that might allow remote attackers to execute arbitrary code. OpenPegasus when compiled to use PAM and without PEGASUS_USE_PAM_STANDALONE_PROC defined, has a stack-based buffer overflow condition. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-0003 to this issue.
    last seen 2019-02-21
    modified 2018-08-07
    plugin id 40377
    published 2009-07-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40377
    title VMSA-2008-0007 : Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-3019.NASL
    description
      - Fri Oct 19 2007 Jan Safranek 5.4-16
        - License: field fixed to 'BSD and CMU'
        - fix hrSWInst (#250237)
        - fix leak in UDP transport (#247771)
        - fix remote DoS attack (CVE-2007-5846)
      - Mon Oct 8 2007 Jan Safranek 5.4-15
        - License: field changed to MIT
        - fix segfault on parsing smuxpeer without password (#316621)
      - Thu Jun 28 2007 Jan Safranek 5.4-14
        - fix snmptrapd hostname logging (#238587)
        - fix udpEndpointProcess remote IP address (#236551)
        - fix -M option of net-snmp-utils (#244784)
        - default snmptrapd.conf added (#243536)
        - fix crash when multiple exec statements have the same name (#243536)
        - fix ugly error message when more interfaces share one IP address (#209861)
      Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 28303
    published 2007-11-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28303
    title Fedora 7 : net-snmp-5.4-16.fc7 (2007-3019)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20071115_NET_SNMP_ON_SL5_X.NASL
    description A flaw was discovered in the way net-snmp handled certain requests. A remote attacker who can connect to the snmpd UDP port (161 by default) could send a malicious packet causing snmpd to crash, resulting in a denial of service. (CVE-2007-5846)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60304
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60304
    title Scientific Linux Security Update : net-snmp on SL5.x, SL4.x, SL3.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_11999.NASL
    description This update of net-snmp fixes the following bugs : - default and configurable maximum number of varbinds returnable to a GETBULK request. (CVE-2007-5846) - added option to ignore accepted connections
    last seen 2019-02-21
    modified 2012-04-23
    plugin id 58226
    published 2012-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58226
    title SuSE9 Security Update : net-snmp (YOU Patch Number 11999)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_NET-SNMP-4755.NASL
    description This update of net-snmp fixes the following bug : - default and configurable maximum number of varbinds returnable to a GETBULK request. (CVE-2007-5846) - crash when smux peers were configured with empty passwords
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 29528
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29528
    title SuSE 10 Security Update : net-snmp (ZYPP Patch Number 4755)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1483.NASL
    description The SNMP agent (snmp_agent.c) in net-snmp before 5.4.1 allows remote attackers to cause a denial of service (CPU and memory consumption) via a GETBULK request with a large max-repeaters value.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 30223
    published 2008-02-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=30223
    title Debian DSA-1483-1 : net-snmp - design error
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-1045.NASL
    description Updated net-snmp packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. Simple Network Management Protocol (SNMP) is a protocol used for network management. A flaw was discovered in the way net-snmp handled certain requests. A remote attacker who can connect to the snmpd UDP port (161 by default) could send a malicious packet causing snmpd to crash, resulting in a denial of service. (CVE-2007-5846) All users of net-snmp are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 36614
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36614
    title CentOS 3 / 4 : net-snmp (CESA-2007:1045)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_NET-SNMP-4759.NASL
    description This update of net-snmp fixes the following bug : - default and configurable maximum number of varbinds returnable to a GETBULK request (CVE-2007-5846) - crash when smux peers were configured with empty passwords
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 29883
    published 2008-01-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29883
    title openSUSE 10 Security Update : net-snmp (net-snmp-4759)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_NET-SNMP-4753.NASL
    description This update of net-snmp fixes the following bugs : - default and configurable maximum number of varbinds returnable to a GETBULK request (CVE-2007-5846) - crash when smux peers were configured with empty passwords - the UCD-SNMP-MIB::memCached.0 SNMP object was missing - the snmptrap command from the net-snmp package sends traps per default on the wrong port.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 29882
    published 2008-01-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29882
    title openSUSE 10 Security Update : net-snmp (net-snmp-4753)
  • NASL family SNMP
    NASL id SNMP_GETBULK_MAX_REPETITIONS_DOS.NASL
    description It is possible to disable the remote SNMP daemon by sending a GETBULK request with a large value for 'max-repetitions'. A remote attacker may be able to leverage this issue to cause the daemon to consume excessive memory and CPU on the affected system while it tries unsuccessfully to process the request, thereby denying service to legitimate users.
    last seen 2019-02-21
    modified 2018-07-30
    plugin id 27841
    published 2007-11-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27841
    title SNMP GETBULK Large max-repetitions Remote DoS
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_12022.NASL
    description This update of net-snmp fixes the following bugs : - Default and configurable maximum number of varbinds returnable to a GETBULK request. (CVE-2007-5846) - Add option to ignore accepted connections.
    last seen 2019-02-21
    modified 2012-04-23
    plugin id 41178
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41178
    title SuSE9 Security Update : net-snmp (YOU Patch Number 12022)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_92F86B93923F11DCA2BF02E081235DAB.NASL
    description CVE reports : The SNMP agent (snmp_agent.c) in net-snmp before 5.4.1 allows remote attackers to cause a denial of service (CPU and memory consumption) via a GETBULK request with a large max-repeaters value.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 28194
    published 2007-11-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28194
    title FreeBSD : net-snmp -- denial of service via GETBULK request (92f86b93-923f-11dc-a2bf-02e081235dab)
  • NASL family Misc.
    NASL id PULSE_CONNECT_SECURE-SA-43730.NASL
    description According to its self-reported version, the version of Pulse Connect Secure running on the remote host is affected by multiple vulnerabilities. Refer to the vendor advisory for additional information.
    last seen 2019-02-21
    modified 2018-07-26
    plugin id 109919
    published 2018-05-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109919
    title Pulse Connect Secure Multiple Vulnerabilities (SA43730)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-564-1.NASL
    description Bill Trost discovered that snmpd did not properly limit GETBULK requests. A remote attacker could specify a large number of max-repetitions and cause a denial of service via resource exhaustion. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 29920
    published 2008-01-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29920
    title Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : net-snmp vulnerability (USN-564-1)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-225.NASL
    description The SNMP agent in net-snmp 5.4.1 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a GETBULK request with a large max-repeaters value. Updated packages fix this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 28275
    published 2007-11-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28275
    title Mandrake Linux Security Advisory : net-snmp (MDKSA-2007:225)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200711-31.NASL
    description The remote host is affected by the vulnerability described in GLSA-200711-31 (Net-SNMP: Denial of Service) The SNMP agent (snmpd) does not properly handle GETBULK requests with an overly large 'max-repetitions' field. Impact : A remote unauthenticated attacker could send a specially crafted SNMP request to the vulnerable application, possibly resulting in a high CPU and memory consumption. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 28320
    published 2007-11-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28320
    title GLSA-200711-31 : Net-SNMP: Denial of Service
  • NASL family Misc.
    NASL id PULSE_POLICY_SECURE-SA-43730.NASL
    description According to its self-reported version, the version of Pulse Policy Secure running on the remote host is affected by multiple vulnerabilities. Refer to the vendor advisory for additional information.
    last seen 2019-02-21
    modified 2018-07-26
    plugin id 109920
    published 2018-05-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109920
    title Pulse Policy Secure Multiple Vulnerabilities (SA43730)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-1045.NASL
    description Updated net-snmp packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. Simple Network Management Protocol (SNMP) is a protocol used for network management. A flaw was discovered in the way net-snmp handled certain requests. A remote attacker who can connect to the snmpd UDP port (161 by default) could send a malicious packet causing snmpd to crash, resulting in a denial of service. (CVE-2007-5846) All users of net-snmp are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 28248
    published 2007-11-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28248
    title RHEL 3 / 4 / 5 : net-snmp (RHSA-2007:1045)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-1045.NASL
    description From Red Hat Security Advisory 2007:1045 : Updated net-snmp packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. Simple Network Management Protocol (SNMP) is a protocol used for network management. A flaw was discovered in the way net-snmp handled certain requests. A remote attacker who can connect to the snmpd UDP port (161 by default) could send a malicious packet causing snmpd to crash, resulting in a denial of service. (CVE-2007-5846) All users of net-snmp are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67608
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67608
    title Oracle Linux 3 / 4 : net-snmp (ELSA-2007-1045)
oval via4
accepted 2013-04-29T04:12:44.214-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description The SNMP agent (snmp_agent.c) in net-snmp before 5.4.1 allows remote attackers to cause a denial of service (CPU and memory consumption) via a GETBULK request with a large max-repeaters value.
family unix
id oval:org.mitre.oval:def:11258
status accepted
submitted 2010-07-09T03:56:16-04:00
title The SNMP agent (snmp_agent.c) in net-snmp before 5.4.1 allows remote attackers to cause a denial of service (CPU and memory consumption) via a GETBULK request with a large max-repeaters value.
version 24
redhat via4
advisories
bugzilla
id 363631
title CVE-2007-5846 net-snmp remote DoS via udp packet
oval
OR
  • AND
    • comment Red Hat Enterprise Linux 3 is installed
      oval oval:com.redhat.rhba:tst:20070026001
    • OR
      • AND
        • comment net-snmp is earlier than 0:5.0.9-2.30E.23
          oval oval:com.redhat.rhsa:tst:20071045002
        • comment net-snmp is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20071045003
      • AND
        • comment net-snmp-devel is earlier than 0:5.0.9-2.30E.23
          oval oval:com.redhat.rhsa:tst:20071045006
        • comment net-snmp-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20071045007
      • AND
        • comment net-snmp-libs is earlier than 0:5.0.9-2.30E.23
          oval oval:com.redhat.rhsa:tst:20071045008
        • comment net-snmp-libs is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20071045009
      • AND
        • comment net-snmp-perl is earlier than 0:5.0.9-2.30E.23
          oval oval:com.redhat.rhsa:tst:20071045004
        • comment net-snmp-perl is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20071045005
      • AND
        • comment net-snmp-utils is earlier than 0:5.0.9-2.30E.23
          oval oval:com.redhat.rhsa:tst:20071045010
        • comment net-snmp-utils is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20071045011
  • AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhba:tst:20070304001
    • OR
      • AND
        • comment net-snmp is earlier than 0:5.1.2-11.el4_6.11.1
          oval oval:com.redhat.rhsa:tst:20071045013
        • comment net-snmp is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20071045003
      • AND
        • comment net-snmp-devel is earlier than 0:5.1.2-11.el4_6.11.1
          oval oval:com.redhat.rhsa:tst:20071045015
        • comment net-snmp-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20071045007
      • AND
        • comment net-snmp-libs is earlier than 0:5.1.2-11.el4_6.11.1
          oval oval:com.redhat.rhsa:tst:20071045017
        • comment net-snmp-libs is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20071045009
      • AND
        • comment net-snmp-perl is earlier than 0:5.1.2-11.el4_6.11.1
          oval oval:com.redhat.rhsa:tst:20071045016
        • comment net-snmp-perl is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20071045005
      • AND
        • comment net-snmp-utils is earlier than 0:5.1.2-11.el4_6.11.1
          oval oval:com.redhat.rhsa:tst:20071045014
        • comment net-snmp-utils is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20071045011
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • OR
      • AND
        • comment net-snmp is earlier than 1:5.3.1-19.el5_1.1
          oval oval:com.redhat.rhsa:tst:20071045019
        • comment net-snmp is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20071045020
      • AND
        • comment net-snmp-devel is earlier than 1:5.3.1-19.el5_1.1
          oval oval:com.redhat.rhsa:tst:20071045021
        • comment net-snmp-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20071045022
      • AND
        • comment net-snmp-libs is earlier than 1:5.3.1-19.el5_1.1
          oval oval:com.redhat.rhsa:tst:20071045025
        • comment net-snmp-libs is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20071045026
      • AND
        • comment net-snmp-perl is earlier than 1:5.3.1-19.el5_1.1
          oval oval:com.redhat.rhsa:tst:20071045023
        • comment net-snmp-perl is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20071045024
      • AND
        • comment net-snmp-utils is earlier than 1:5.3.1-19.el5_1.1
          oval oval:com.redhat.rhsa:tst:20071045027
        • comment net-snmp-utils is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20071045028
rhsa
id RHSA-2007:1045
released 2007-11-15
severity Moderate
title RHSA-2007:1045: net-snmp security update (Moderate)
rpms
  • net-snmp-0:5.0.9-2.30E.23
  • net-snmp-devel-0:5.0.9-2.30E.23
  • net-snmp-libs-0:5.0.9-2.30E.23
  • net-snmp-perl-0:5.0.9-2.30E.23
  • net-snmp-utils-0:5.0.9-2.30E.23
  • net-snmp-0:5.1.2-11.el4_6.11.1
  • net-snmp-devel-0:5.1.2-11.el4_6.11.1
  • net-snmp-libs-0:5.1.2-11.el4_6.11.1
  • net-snmp-perl-0:5.1.2-11.el4_6.11.1
  • net-snmp-utils-0:5.1.2-11.el4_6.11.1
  • net-snmp-1:5.3.1-19.el5_1.1
  • net-snmp-devel-1:5.3.1-19.el5_1.1
  • net-snmp-libs-1:5.3.1-19.el5_1.1
  • net-snmp-perl-1:5.3.1-19.el5_1.1
  • net-snmp-utils-1:5.3.1-19.el5_1.1
refmap via4
bid 26378
bugtraq 20080416 VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus
confirm
debian DSA-1483
fedora FEDORA-2007-3019
gentoo GLSA-200711-31
mandriva MDKSA-2007:225
misc http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/tags/Ext-5-4-1/net-snmp/agent/snmp_agent.c?view=log
mlist [Security-announce] 20080415 VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus
osvdb 38904
sectrack 1018918
secunia
  • 27558
  • 27685
  • 27689
  • 27733
  • 27740
  • 27965
  • 28413
  • 28825
  • 29785
suse SUSE-SR:2007:025
ubuntu USN-564-1
vupen
  • ADV-2007-3802
  • ADV-2008-1234
Last major update 30-10-2012 - 22:46
Published 06-11-2007 - 16:46
Last modified 15-10-2018 - 17:46