Vigil@nce - Net-SNMP: denial of service via AgentX
March 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can send a special SNMP GET query to Net-SNMP, in
order to trigger a denial of service in AgentX.
Impacted products: Net-SNMP
Severity: 2/4
Creation date: 06/03/2014
DESCRIPTION OF THE VULNERABILITY
The RFC 2741 defines the AgentX protocol which is used to add SNMP
agents.
However, if a GET query is for several OID with different sizes,
the AgentX process detects an error and stop.
An attacker can therefore send a special SNMP GET query to
Net-SNMP, in order to trigger a denial of service in AgentX.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Net-SNMP-denial-of-service-via-AgentX-14371