oss-sec mailing list archives

Re: CVE request: net-snmp agentx incorrect handling of multi-object requests DoS

From: Huzaifa Sidhpurwala <huzaifas () redhat com>
Date: Fri, 07 Mar 2014 10:38:46 +0530

On 03/06/2014 07:52 PM, Raphael Geissert wrote:

Hi,

It was found that the AgentX subagent of net-snmp can be stalled when
a manager sends a multi-object request with a different number of
subids. From the Debian bug report:

This happens if one of the requested OID is larger than the previous one:

agentx/master: request for variable (iso.3.6.1.2.1.2.2.1.7.7)
agentx/master: request for variable (iso.3.6.1.2.1.2.2.1.2.10)
agentx/master: request for variable (iso.3.6.1.2.1.2.2.1.8.7)
agentx/master: request for variable (iso.3.6.1.3.53.5.5.2.1.3.101)

First three OID contain 11 subid while the next one has 12 subid.


Resulting error message from the subagent:

agentx: Oversized Object ID


The bug is fixed upstream for the 5.4 branch in 5.4.4. From the
upstream bug report this was also fixed in the 5.3 branch but I don't
know on what specific version.

Could a CVE id be assigned?


Isnt this same as:
https://bugzilla.redhat.com/show_bug.cgi?id=1038007 ?

-- 
Huzaifa Sidhpurwala / Red Hat Security Response Team

Current thread:

CVE request: net-snmp agentx incorrect handling of multi-object requests DoS Raphael Geissert (Mar 06)
- Re: CVE request: net-snmp agentx incorrect handling of multi-object requests DoS Huzaifa Sidhpurwala (Mar 06)
  - Re: CVE request: net-snmp agentx incorrect handling of multi-object requests DoS Raphael Geissert (Mar 07)
- Re: CVE request: net-snmp agentx incorrect handling of multi-object requests DoS cve-assign (Mar 07)