PT-2009-1070 · Net Snmp · Net-Snmp-Libs+3

Tomas Hoger · Published 2009-06-25 · Updated 2023-02-13 · CVE-2009-1887

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

net-snmp versions 5.0.9
net-snmp-devel versions 5.0.9
net-snmp-utils versions 5.0.9
net-snmp-libs versions 5.0.9

Description

The issue allows remote attackers to cause a denial of service, potentially leading to a disruption of confidentiality, integrity, and availability of protected information. This can be achieved through a crafted SNMP GETBULK request that triggers a divide-by-zero error in the agent/snmp_agent.c file of the snmpd component in net-snmp. The vulnerability exists due to an incorrect fix for a previous issue.

Recommendations

For net-snmp version 5.0.9, consider disabling the snmpd service until a patch is available.
For net-snmp-devel version 5.0.9, restrict access to the snmp_agent.c file to minimize the risk of exploitation.
For net-snmp-utils version 5.0.9, avoid using the SNMP GETBULK request in the affected API endpoint until the issue is resolved.
For net-snmp-libs version 5.0.9, restrict access to the vulnerable net-snmp-libs module to minimize the risk of exploitation.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Divide By Zero

Weakness Enumeration

Related Identifiers

BDU:2015-07436
BDU:2015-07439
BDU:2015-07442
BDU:2015-07445
BDU:2015-08520
BDU:2015-08521
BDU:2015-08522
BDU:2015-08523
CVE-2009-1887
RHSA-2009:1124

Affected Products

Net-Snmp
Net-Snmp-Devel
Net-Snmp-Libs
Net-Snmp-Utils