CVE-2005-4837
CVSS10.0
发布时间 :2005-12-31 00:00:00
修订时间 :2011-03-07 00:00:00
NMCOPS    

[原文]snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before 5.1.3, and 5.0.x before 5.0.10.2, when running in master agentx mode, allows remote attackers to cause a denial of service (crash) by causing a particular TCP disconnect, which triggers a free of an incorrect variable, a different vulnerability than CVE-2005-2177.


[CNNVD]Net-SNMP断开TCP连接远程拒绝服务漏洞(CNNVD-200512-675)

        Net-SNMP是一个免费的、开放源码的SNMP实现,以前称为UCD-SNMP。
        Net-SNMP处理用户TCP连接时存在漏洞,远程攻击者可能利用此漏洞导致服务不可用。如果以master agentx模式运行的话,则远程攻击者就可能通过断开特定的TCP连接在snmpd的snmp_api.c中触发释放错误的变量,导致snmpd崩溃。

- CVSS (基础分值)

CVSS分值: 10 [严重(HIGH)]
机密性影响: COMPLETE [完全的信息泄露导致所有系统文件暴露]
完整性影响: COMPLETE [系统完整性可被完全破坏]
可用性影响: COMPLETE [可能导致系统完全宕机]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: NETWORK [攻击者不需要获取内网访问权或本地访问权]
身份认证: NONE [漏洞利用无需身份认证]

- CWE (弱点类目)

CWE-189| CWE-16 []

- CPE (受影响的平台与产品)

cpe:/a:net-snmp:net-snmp:5.0.3
cpe:/a:sourceforge:net-snmp:5.0.9
cpe:/a:sourceforge:net-snmp:5.2.1.2
cpe:/a:net-snmp:net-snmp:5.0.4_pre2
cpe:/a:net-snmp:net-snmp:5.0
cpe:/a:net-snmp:net-snmp:5.0.7
cpe:/a:net-snmp:net-snmp:5.0.6
cpe:/a:net-snmp:net-snmp:5.0.8
cpe:/a:net-snmp:net-snmp:5.0.2
cpe:/a:net-snmp:net-snmp:5.0.10
cpe:/a:net-snmp:net-snmp:5.0.1
cpe:/a:sourceforge:net-snmp:5.1.2
cpe:/a:net-snmp:net-snmp:5.0.5
cpe:/a:net-snmp:net-snmp:5.0.9

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:9442snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before 5.1.3, and 5.0.x before 5.0.10.2, when running in master agentx mode, allow...
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4837
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-4837
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200512-675
(官方数据源) CNNVD

- 其它链接及资源

https://issues.rpath.com/browse/RPL-1334
(UNKNOWN)  CONFIRM  https://issues.rpath.com/browse/RPL-1334
http://www.vupen.com/english/advisories/2007/1944
(VENDOR_ADVISORY)  VUPEN  ADV-2007-1944
http://www.ubuntu.com/usn/USN-456-1
(UNKNOWN)  UBUNTU  USN-456-1
http://www.securityfocus.com/bid/23762
(UNKNOWN)  BID  23762
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102929-1
(UNKNOWN)  SUNALERT  102929
http://sourceforge.net/tracker/index.php?func=detail&aid=1207023&group_id=12694&atid=112694
(UNKNOWN)  CONFIRM  http://sourceforge.net/tracker/index.php?func=detail&aid=1207023&group_id=12694&atid=112694
http://secunia.com/advisories/25411
(VENDOR_ADVISORY)  SECUNIA  25411
http://secunia.com/advisories/25115
(VENDOR_ADVISORY)  SECUNIA  25115
http://secunia.com/advisories/25114
(VENDOR_ADVISORY)  SECUNIA  25114

- 漏洞信息

Net-SNMP断开TCP连接远程拒绝服务漏洞
危急 其他
2005-12-31 00:00:00 2012-12-26 00:00:00
远程  
        Net-SNMP是一个免费的、开放源码的SNMP实现,以前称为UCD-SNMP。
        Net-SNMP处理用户TCP连接时存在漏洞,远程攻击者可能利用此漏洞导致服务不可用。如果以master agentx模式运行的话,则远程攻击者就可能通过断开特定的TCP连接在snmpd的snmp_api.c中触发释放错误的变量,导致snmpd崩溃。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:
        http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-26-102929-1
        http://sourceforge.net/project/showfiles.php?group_id=12694&package_id=11571&release_id=338903

- 漏洞信息 (F56419)

Ubuntu Security Notice 456-1 (PacketStormID:F56419)
2007-05-03 00:00:00
Ubuntu  security.ubuntu.com
advisory,denial of service
linux,ubuntu
CVE-2005-4837
[点击下载]

Ubuntu Security Notice 456-1 - A really old denial of service issue with net-snmp has finally been fixed.

=========================================================== 
Ubuntu Security Notice USN-456-1               May 02, 2007
net-snmp vulnerability
CVE-2005-4837
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  snmpd                                    5.2.1.2-4ubuntu2.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

The SNMP service did not correctly handle TCP disconnects.  Remote 
subagents could cause a denial of service if they dropped a connection 
at a specific time.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.2.1.2-4ubuntu2.1.diff.gz
      Size/MD5:    71936 2a4cb9c1f800080e5e2374f3f84b8d7a
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.2.1.2-4ubuntu2.1.dsc
      Size/MD5:      792 2855b4bf1c6d5fdda432999b3e7c7533
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.2.1.2.orig.tar.gz
      Size/MD5:  3869893 34159770a7fe418d99fdd416a75358b1

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-base_5.2.1.2-4ubuntu2.1_all.deb
      Size/MD5:  1151640 e40129b2a40d0efe2644207776152c98
    http://security.ubuntu.com/ubuntu/pool/universe/n/net-snmp/tkmib_5.2.1.2-4ubuntu2.1_all.deb
      Size/MD5:   822598 b768bdd2b9f4417925b4b3efb3d4edcb

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.2.1.2-4ubuntu2.1_amd64.deb
      Size/MD5:   896164 855871a700bfa3655ac3a10118cb69e6
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9-dev_5.2.1.2-4ubuntu2.1_amd64.deb
      Size/MD5:  1496678 398e8f61079aff0fba54135322812d36
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9_5.2.1.2-4ubuntu2.1_amd64.deb
      Size/MD5:  1825690 fb3b45a844420bc93c0c1ea7aec1b6c8
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.2.1.2-4ubuntu2.1_amd64.deb
      Size/MD5:   888946 2ddf1fd336891d925c05c093620c6755
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.2.1.2-4ubuntu2.1_amd64.deb
      Size/MD5:   796756 90b141201184e1f01ab9ff0e1b4f3612

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.2.1.2-4ubuntu2.1_i386.deb
      Size/MD5:   896372 eac0a7df274971ba80b1dd669c0f0ec8
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9-dev_5.2.1.2-4ubuntu2.1_i386.deb
      Size/MD5:  1267600 b52a5f612636a6d2ba77efe7da2fb864
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9_5.2.1.2-4ubuntu2.1_i386.deb
      Size/MD5:  1709432 cb84264a9581bcbb2093280924d2036f
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.2.1.2-4ubuntu2.1_i386.deb
      Size/MD5:   881478 4d9bc662c8ecab47b484c33765b24a55
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.2.1.2-4ubuntu2.1_i386.deb
      Size/MD5:   794300 aeaf12afa90adbe6466e1f14ac3a81e7

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.2.1.2-4ubuntu2.1_powerpc.deb
      Size/MD5:   912514 2af054816148762b77a561655944b2b8
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9-dev_5.2.1.2-4ubuntu2.1_powerpc.deb
      Size/MD5:  1589090 f00c4b7f21855f7862864bf51b898569
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9_5.2.1.2-4ubuntu2.1_powerpc.deb
      Size/MD5:  1727216 7a982cc48199b22df04cb84f1fc5f217
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.2.1.2-4ubuntu2.1_powerpc.deb
      Size/MD5:   898250 75a7b6278614c10ab1967a689f00a6e1
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.2.1.2-4ubuntu2.1_powerpc.deb
      Size/MD5:   795666 449405c93bf2c822694c51c09112cf6c

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp-perl_5.2.1.2-4ubuntu2.1_sparc.deb
      Size/MD5:   896380 8d9bced826d6097c92b056fba5651cec
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9-dev_5.2.1.2-4ubuntu2.1_sparc.deb
      Size/MD5:  1485066 fff34136dd9ef3ccb9fa43d58cb8f31c
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/libsnmp9_5.2.1.2-4ubuntu2.1_sparc.deb
      Size/MD5:  1705908 95015429b477368287651682622c12ff
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmp_5.2.1.2-4ubuntu2.1_sparc.deb
      Size/MD5:   882846 223f74ba12b6374e8c79c9b05b3f7a9e
    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/snmpd_5.2.1.2-4ubuntu2.1_sparc.deb
      Size/MD5:   796020 af0197bc714b9a1bf0ad240d208ee497

    

- 漏洞信息

34907
Net-SNMP snmpd Master Agentx Mode Remote DoS
Remote / Network Access Denial of Service
Loss of Availability
Vendor Verified

- 漏洞描述

Unknown or Incomplete

- 时间线

2005-05-23 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Net-SNMP TCP Disconnect Remote Denial Of Service Vulnerability
Failure to Handle Exceptional Conditions 23762
Yes No
2007-05-02 12:00:00 2007-06-06 10:20:00
The initial discoverer of this issue is currently unknown. This issue was disclosed by the vendor.

- 受影响的程序版本

Ubuntu Ubuntu Linux 6.06 LTS sparc
Ubuntu Ubuntu Linux 6.06 LTS powerpc
Ubuntu Ubuntu Linux 6.06 LTS i386
Ubuntu Ubuntu Linux 6.06 LTS amd64
Sun Solaris 10_x86
Sun Solaris 10.0_x86
Sun Solaris 10.0
Sun Solaris 10
rPath rPath Linux 1
Net-SNMP Net-SNMP 5.2.1 .2
Net-SNMP Net-SNMP 5.2.1
Net-SNMP Net-SNMP 5.2
Net-SNMP Net-SNMP 5.1.2
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Ubuntu Ubuntu Linux 5.0 4 powerpc
+ Ubuntu Ubuntu Linux 5.0 4 i386
+ Ubuntu Ubuntu Linux 5.0 4 amd64
Net-SNMP Net-SNMP 5.1.1
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
Net-SNMP Net-SNMP 5.1
Net-SNMP Net-SNMP 5.0.10 .2
Net-SNMP Net-SNMP 5.0.9
Net-SNMP Net-SNMP 5.0.8
Net-SNMP Net-SNMP 5.0.7
+ Conectiva Linux 9.0
Net-SNMP Net-SNMP 5.0.6
Net-SNMP Net-SNMP 5.0.5
Net-SNMP Net-SNMP 5.0.4 .pre2
+ RedHat Linux 9.0 i386
+ RedHat Linux 8.0 i386
Net-SNMP Net-SNMP 5.0.3
Net-SNMP Net-SNMP 5.0.1
Net-SNMP Net-SNMP 0
Avaya Interactive Response 2.0
Net-SNMP Net-SNMP 5.3
Net-SNMP Net-SNMP 5.2.2
Net-SNMP Net-SNMP 5.1.3

- 不受影响的程序版本

Net-SNMP Net-SNMP 5.3
Net-SNMP Net-SNMP 5.2.2
Net-SNMP Net-SNMP 5.1.3

- 漏洞讨论

Net-SNMP is prone to a remote denial-of-service vulnerability. The issue is exposed when Net-SNMP is configured to communicate over TCP; Net-SNMP using UDP is unaffected.

This issue affects Net-SNMP when running in 'master agentx' mode. An attacker can exploit this issue to cause the affected service to crash, effectively denying service to legitimate users.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:vuldb@securityfocus.com.

- 解决方案

This issue has been addressed in the following (and later) versions: 5.1.3, 5.2.2, 5.3.


Sun Solaris 10.0

Sun Solaris 10.0_x86

Net-SNMP Net-SNMP 5.1

Net-SNMP Net-SNMP 5.1.1

Net-SNMP Net-SNMP 5.1.2

Net-SNMP Net-SNMP 5.2.1 .2

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站