Vigil@nce - Net-SNMP: denial of service via extend
May 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
When Net-SNMP is configured with extends, an attacker can use an
invalid OID, in order to stop the service.
Severity: 2/4
Creation date: 26/04/2012
IMPACTED PRODUCTS
– Net-SNMP
DESCRIPTION OF THE VULNERABILITY
The "extend" feature of Net-SNMP is used to associate a program to
an OID (Object IDentifier) tree. When a clients queries this tree,
Net-SNMP executes the program, and returns the value associated to
the requested index:
– .1 : the first line displayed by the program
– .2 : the second line displayed by the program
– etc.
However, if an attacker requests the index zero (or a too large
index), the handle_nsExtendOutput2Table() function of Net-SNMP
reads at an invalid memory address and stops.
When Net-SNMP is configured with extends, an attacker can
therefore use an invalid OID, in order to stop the service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Net-SNMP-denial-of-service-via-extend-11570