Vulnerability Name: | CVE-2007-5846 (CCN-38328) | ||||||||||||||||||||||||||||||||||||
Assigned: | 2007-05-04 | ||||||||||||||||||||||||||||||||||||
Published: | 2007-05-04 | ||||||||||||||||||||||||||||||||||||
Updated: | 2018-10-15 | ||||||||||||||||||||||||||||||||||||
Summary: | The SNMP agent (snmp_agent.c) in net-snmp before 5.4.1 allows remote attackers to cause a denial of service (CPU and memory consumption) via a GETBULK request with a large max-repeaters value. | ||||||||||||||||||||||||||||||||||||
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
| ||||||||||||||||||||||||||||||||||||
CVSS v2 Severity: | 7.8 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C) 6.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:H/RL:OF/RC:C)
4.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:H/RL:OF/RC:C)
| ||||||||||||||||||||||||||||||||||||
Vulnerability Type: | CWE-399 | ||||||||||||||||||||||||||||||||||||
Vulnerability Consequences: | Denial of Service | ||||||||||||||||||||||||||||||||||||
References: | Source: CONFIRM Type: UNKNOWN http://bugs.gentoo.org/show_bug.cgi?id=198346 Source: MITRE Type: CNA CVE-2007-5846 Source: MLIST Type: Patch [Security-announce] 20080415 VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus Source: CCN Type: Net-SNMP Web site Net-SNMP Source: MISC Type: UNKNOWN http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/tags/Ext-5-4-1/net-snmp/agent/snmp_agent.c?view=log Source: OSVDB Type: UNKNOWN 38904 Source: CCN Type: RHSA-2007-1045 Moderate: net-snmp security update Source: CCN Type: SA27558 Net-snmp GETBULK Denial of Service Vulnerability Source: SECUNIA Type: Vendor Advisory 27558 Source: SECUNIA Type: Vendor Advisory 27685 Source: SECUNIA Type: Vendor Advisory 27689 Source: SECUNIA Type: Vendor Advisory 27733 Source: SECUNIA Type: Vendor Advisory 27740 Source: SECUNIA Type: Vendor Advisory 27965 Source: SECUNIA Type: Vendor Advisory 28413 Source: SECUNIA Type: Vendor Advisory 28825 Source: CCN Type: SA29785 VMware ESX Server Multiple Security Updates Source: SECUNIA Type: Vendor Advisory 29785 Source: GENTOO Type: UNKNOWN GLSA-200711-31 Source: CCN Type: SECTRACK ID: 1018918 Net-snmp GETBULK Request Processing Bug Lets Remote Users Deny Service Source: CONFIRM Type: UNKNOWN http://sourceforge.net/project/shownotes.php?release_id=528095&group_id=12694 Source: CCN Type: SourceForge.net: Detail: 1712988 GETBULK with large max-repeaters denial of service Source: CONFIRM Type: UNKNOWN http://sourceforge.net/tracker/index.php?func=detail&aid=1712988&group_id=12694&atid=112694 Source: CCN Type: ASA-2007-519 Net-SNMP security update (RHSA-2007-1045) Source: DEBIAN Type: Patch DSA-1483 Source: DEBIAN Type: DSA-1483 net-snmp -- design error Source: CCN Type: GLSA-200711-31 Net-SNMP: Denial of Service Source: MANDRIVA Type: UNKNOWN MDKSA-2007:225 Source: SUSE Type: UNKNOWN SUSE-SR:2007:025 Source: CCN Type: OSVDB ID: 38904 Net-SNMP snmp_agent.c Malformed GETBULK Request Remote Memory Consumption DoS Source: REDHAT Type: UNKNOWN RHSA-2007:1045 Source: BUGTRAQ Type: UNKNOWN 20080416 VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus Source: BID Type: Patch 26378 Source: CCN Type: BID-26378 Net-SNMP GETBULK Remote Denial of Service Vulnerability Source: SECTRACK Type: UNKNOWN 1018918 Source: CCN Type: USN-564-1 Net-SNMP vulnerability Source: UBUNTU Type: UNKNOWN USN-564-1 Source: VUPEN Type: Vendor Advisory ADV-2007-3802 Source: VUPEN Type: Vendor Advisory ADV-2008-1234 Source: XF Type: UNKNOWN netsnmp-getbulk-dos(38328) Source: CONFIRM Type: UNKNOWN https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43730 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:11258 Source: FEDORA Type: UNKNOWN FEDORA-2007-3019 Source: SUSE Type: SUSE-SR:2007:025 SUSE Security Summary Report | ||||||||||||||||||||||||||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration RedHat 1: Configuration RedHat 2: Configuration RedHat 3: Configuration RedHat 4: Configuration RedHat 5: Configuration RedHat 6: Configuration RedHat 7: Configuration RedHat 8: Configuration RedHat 9: ![]() | ||||||||||||||||||||||||||||||||||||
Oval Definitions | |||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||
BACK |