发布时间 :2005-12-31 00:00:00
修订时间 :2017-10-10 21:30:31

[原文]snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before 5.1.3, and 5.0.x before, when running in master agentx mode, allows remote attackers to cause a denial of service (crash) by causing a particular TCP disconnect, which triggers a free of an incorrect variable, a different vulnerability than CVE-2005-2177.


        Net-SNMP处理用户TCP连接时存在漏洞,远程攻击者可能利用此漏洞导致服务不可用。如果以master agentx模式运行的话,则远程攻击者就可能通过断开特定的TCP连接在snmpd的snmp_api.c中触发释放错误的变量,导致snmpd崩溃。

- CVSS (基础分值)

CVSS分值: 10 [严重(HIGH)]
机密性影响: COMPLETE [完全的信息泄露导致所有系统文件暴露]
完整性影响: COMPLETE [系统完整性可被完全破坏]
可用性影响: COMPLETE [可能导致系统完全宕机]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: NETWORK [攻击者不需要获取内网访问权或本地访问权]
身份认证: NONE [漏洞利用无需身份认证]

- CWE (弱点类目)

CWE-189| CWE-16 []

- CPE (受影响的平台与产品)


- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:9442snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before 5.1.3, and 5.0.x before, when running in master agentx mode, allow...

- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(UNKNOWN)  BID  23762

- 漏洞信息

危急 其他
2005-12-31 00:00:00 2012-12-26 00:00:00
        Net-SNMP处理用户TCP连接时存在漏洞,远程攻击者可能利用此漏洞导致服务不可用。如果以master agentx模式运行的话,则远程攻击者就可能通过断开特定的TCP连接在snmpd的snmp_api.c中触发释放错误的变量,导致snmpd崩溃。

- 公告与补丁


- 漏洞信息 (F56419)

Ubuntu Security Notice 456-1 (PacketStormID:F56419)
2007-05-03 00:00:00
advisory,denial of service

Ubuntu Security Notice 456-1 - A really old denial of service issue with net-snmp has finally been fixed.

Ubuntu Security Notice USN-456-1               May 02, 2007
net-snmp vulnerability

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

The SNMP service did not correctly handle TCP disconnects.  Remote 
subagents could cause a denial of service if they dropped a connection 
at a specific time.

Updated packages for Ubuntu 6.06 LTS:

  Source archives:
      Size/MD5:    71936 2a4cb9c1f800080e5e2374f3f84b8d7a
      Size/MD5:      792 2855b4bf1c6d5fdda432999b3e7c7533
      Size/MD5:  3869893 34159770a7fe418d99fdd416a75358b1

  Architecture independent packages:
      Size/MD5:  1151640 e40129b2a40d0efe2644207776152c98
      Size/MD5:   822598 b768bdd2b9f4417925b4b3efb3d4edcb

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)
      Size/MD5:   896164 855871a700bfa3655ac3a10118cb69e6
      Size/MD5:  1496678 398e8f61079aff0fba54135322812d36
      Size/MD5:  1825690 fb3b45a844420bc93c0c1ea7aec1b6c8
      Size/MD5:   888946 2ddf1fd336891d925c05c093620c6755
      Size/MD5:   796756 90b141201184e1f01ab9ff0e1b4f3612

  i386 architecture (x86 compatible Intel/AMD)
      Size/MD5:   896372 eac0a7df274971ba80b1dd669c0f0ec8
      Size/MD5:  1267600 b52a5f612636a6d2ba77efe7da2fb864
      Size/MD5:  1709432 cb84264a9581bcbb2093280924d2036f
      Size/MD5:   881478 4d9bc662c8ecab47b484c33765b24a55
      Size/MD5:   794300 aeaf12afa90adbe6466e1f14ac3a81e7

  powerpc architecture (Apple Macintosh G3/G4/G5)
      Size/MD5:   912514 2af054816148762b77a561655944b2b8
      Size/MD5:  1589090 f00c4b7f21855f7862864bf51b898569
      Size/MD5:  1727216 7a982cc48199b22df04cb84f1fc5f217
      Size/MD5:   898250 75a7b6278614c10ab1967a689f00a6e1
      Size/MD5:   795666 449405c93bf2c822694c51c09112cf6c

  sparc architecture (Sun SPARC/UltraSPARC)
      Size/MD5:   896380 8d9bced826d6097c92b056fba5651cec
      Size/MD5:  1485066 fff34136dd9ef3ccb9fa43d58cb8f31c
      Size/MD5:  1705908 95015429b477368287651682622c12ff
      Size/MD5:   882846 223f74ba12b6374e8c79c9b05b3f7a9e
      Size/MD5:   796020 af0197bc714b9a1bf0ad240d208ee497


- 漏洞信息

Net-SNMP snmpd Master Agentx Mode Remote DoS
Remote / Network Access Denial of Service
Loss of Availability
Vendor Verified

- 漏洞描述

Unknown or Incomplete

- 时间线

2005-05-23 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Net-SNMP TCP Disconnect Remote Denial Of Service Vulnerability
Failure to Handle Exceptional Conditions 23762
Yes No
2007-05-02 12:00:00 2007-06-06 10:20:00
The initial discoverer of this issue is currently unknown. This issue was disclosed by the vendor.

- 受影响的程序版本

Ubuntu Ubuntu Linux 6.06 LTS sparc
Ubuntu Ubuntu Linux 6.06 LTS powerpc
Ubuntu Ubuntu Linux 6.06 LTS i386
Ubuntu Ubuntu Linux 6.06 LTS amd64
Sun Solaris 10_x86
Sun Solaris 10.0_x86
Sun Solaris 10.0
Sun Solaris 10
rPath rPath Linux 1
Net-SNMP Net-SNMP 5.2.1 .2
Net-SNMP Net-SNMP 5.2.1
Net-SNMP Net-SNMP 5.2
Net-SNMP Net-SNMP 5.1.2
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Ubuntu Ubuntu Linux 5.0 4 powerpc
+ Ubuntu Ubuntu Linux 5.0 4 i386
+ Ubuntu Ubuntu Linux 5.0 4 amd64
Net-SNMP Net-SNMP 5.1.1
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
Net-SNMP Net-SNMP 5.1
Net-SNMP Net-SNMP 5.0.10 .2
Net-SNMP Net-SNMP 5.0.9
Net-SNMP Net-SNMP 5.0.8
Net-SNMP Net-SNMP 5.0.7
+ Conectiva Linux 9.0
Net-SNMP Net-SNMP 5.0.6
Net-SNMP Net-SNMP 5.0.5
Net-SNMP Net-SNMP 5.0.4 .pre2
+ RedHat Linux 9.0 i386
+ RedHat Linux 8.0 i386
Net-SNMP Net-SNMP 5.0.3
Net-SNMP Net-SNMP 5.0.1
Avaya Interactive Response 2.0
Net-SNMP Net-SNMP 5.3
Net-SNMP Net-SNMP 5.2.2
Net-SNMP Net-SNMP 5.1.3

- 不受影响的程序版本

Net-SNMP Net-SNMP 5.3
Net-SNMP Net-SNMP 5.2.2
Net-SNMP Net-SNMP 5.1.3

- 漏洞讨论

Net-SNMP is prone to a remote denial-of-service vulnerability. The issue is exposed when Net-SNMP is configured to communicate over TCP; Net-SNMP using UDP is unaffected.

This issue affects Net-SNMP when running in 'master agentx' mode. An attacker can exploit this issue to cause the affected service to crash, effectively denying service to legitimate users.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at:

- 解决方案

This issue has been addressed in the following (and later) versions: 5.1.3, 5.2.2, 5.3.

Sun Solaris 10.0

Sun Solaris 10.0_x86

Net-SNMP Net-SNMP 5.1

Net-SNMP Net-SNMP 5.1.1

Net-SNMP Net-SNMP 5.1.2

Net-SNMP Net-SNMP 5.2.1 .2

- 相关参考