Vigil@nce: RHEL 3, denial of service of net-snmp

July 2009 by Vigil@nce

An attacker can send a GETBULK request to the snmpd daemon patched for Red Hat Enterprise Linux version 3 in order to stop it.

Severity: 2/4

Consequences: denial of service of the service

Provenance: intranet client

Means of attack: 1 attack

Ability of attacker: technician (2/4)

Confidence: confirmed by the editor (5/5)

Diffusion of the vulnerable configuration: high (3/3)

Creation date: 26/06/2009

IMPACTED PRODUCTS

- Red Hat Enterprise Linux

DESCRIPTION OF THE VULNERABILITY

An SNMP GETBULK query is used to obtain a group of variables at the same time. It contains the "non-repeaters" field, which indicates the starting offset.

The net-snmp package of Red Hat Enterprise Linux version 3 carries a specific patch. The netsnmp_create_subtree_cache() function of the net-snmp/agent/snmp_agent.c file does not correctly check a boundary condition, which leads to a division by zero. This boundary condition is reached when the GETBULK query indicates a "non-repeaters" value equal to the number of requested variables.

An attacker can therefore send a GETBULK request to the snmpd daemon patched for Red Hat Enterprise Linux version 3 in order to stop it.
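
The boundary case described above, as an added example in C. It is not Red Hat's patch or net-snmp's code: the function name, the struct and the max_responses cap are assumptions. It derives the GETBULK counts as RFC 3416 defines them and guards the division by the number of repeating variables.

```c
/* Hypothetical plan for one GETBULK reply (names are illustrative). */
struct bulk_plan {
    int non_repeaters;  /* N: variables fetched once */
    int repeaters;      /* R: variables fetched repeatedly */
    int repetitions;    /* M after clamping to the reply budget */
};

/*
 * num_varbinds    number of variables in the request
 * non_repeaters   field taken from the GETBULK PDU
 * max_repetitions field taken from the GETBULK PDU
 * max_responses   assumed agent-side cap on bindings in one reply
 * Returns 0 on success, -1 on invalid arguments.
 */
int plan_getbulk(int num_varbinds, int non_repeaters, int max_repetitions,
                 int max_responses, struct bulk_plan *out)
{
    if (!out || num_varbinds < 0 || max_responses <= 0)
        return -1;

    /* RFC 3416: negative field values are treated as zero. */
    if (non_repeaters < 0)
        non_repeaters = 0;
    if (max_repetitions < 0)
        max_repetitions = 0;

    /* N = min(non-repeaters, varbinds), R = varbinds - N */
    int n = non_repeaters < num_varbinds ? non_repeaters : num_varbinds;
    int r = num_varbinds - n;

    out->non_repeaters = n;
    out->repeaters = r;
    out->repetitions = 0;

    /* Boundary case from the advisory: non-repeaters equals the number of
     * requested variables, so r == 0. Dividing by r would raise SIGFPE and
     * stop the daemon; there is nothing to repeat, so return early. */
    if (r == 0)
        return 0;

    int room = max_responses > n ? max_responses - n : 0;
    int cap = room / r;  /* safe: r > 0 on this path */
    out->repetitions = max_repetitions < cap ? max_repetitions : cap;
    return 0;
}
```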

CHARACTERISTICS

Identifiers: 506903, BID-35492, CVE-2009-1887, RHSA-2009:1124-01, VIGILANCE-VUL-8824

http://vigilance.fr/vulnerability/RHEL-3-denial-of-service-of-net-snmp-8824

