Contactez-nous Suivez-nous sur Twitter En francais English Language

De la Théorie à la pratique

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN



Vigil@nce: Net-SNMP, denial of service via GETBULK

November 2008 by Vigil@nce


An attacker can create a denial of service by requesting numerous data with GETBULK.

Gravity: 2/4

Consequences: denial of service of service

Provenance: intranet client

Means of attack: no proof of concept, no attack

Ability of attacker: expert (4/4)

Confidence: confirmed by the editor (5/5)

Diffusion of the vulnerable configuration: high (3/3)

Creation date: 03/11/2008


- Debian Linux
- Fedora
- Mandriva Corporate
- Mandriva Linux
- Net-SNMP
- Red Hat Enterprise Linux


The SNMP protocol defines several query types:
- SET : change a parameter
- GET : read a parameter
- GETNEXT : obtain the next parameter
- GETBULK : repeat GETNEXT, until a maximum indicated in the query

However, when Net-SNMP receives a GETBULK query, it does not correctly calculates the needed size of a reply buffer, which thus overflows.

An attacker, allowed to send queries via a public community for example, can thus create a denial of service. To execute code, the attacker has to control the contents of data returned by Net-SNMP.


Identifiers: BID-32020, CVE-2008-4309, DSA-1663-1, FEDORA-2008-9362, FEDORA-2008-9367, MDVSA-2008:225, RHSA-2008:0971-01, VIGILANCE-VUL-8212

See previous articles


See next articles