PT-2007-7472 · Debian+2 · Debian+2
Bill Trost
·
Published
1970-01-01
·
Updated
2018-10-15
·
CVE-2007-5846
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
net-snmp versions prior to 5.4.1
Description
The issue allows remote attackers to cause a denial of service, consuming CPU and memory via a GETBULK request with a large
max-repeaters value. Multiple vulnerabilities in the net-snmp package of Debian GNU/Linux can be exploited remotely, leading to disruption of protected information availability.Recommendations
For net-snmp versions prior to 5.4.1, update to version 5.4.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the SNMP agent to minimize the risk of exploitation. Avoid using large
max-repeaters values in GETBULK requests until the issue is resolved.Fix
DoS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Debian
Red Hat
Net-Snmp