Vigil@nce - Net-SNMP: memory leaks
May 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can use several memory leaks of Net-SNMP, in order to
generate a denial of service.
Severity: 2/4
Creation date: 24/05/2010
DESCRIPTION OF THE VULNERABILITY
Several memory leaks were announced in Net-SNMP.
The snmplib library is impacted by several memory leaks.
[severity:2/4; 2797251]
A memory leak occurs in the OID (Object ID) handling of snmplib.
[severity:2/4; 2871747]
A memory leak occurs in snmpd, when the OID table is constructed.
[severity:2/4; 2822360]
A memory leak occurs in snmpd, when ipAddressPrefixTable is
managed. [severity:2/4; 2822337]
A memory leak occurs in snmpd, when handling a proxy.
[severity:2/4; 2883155]
A memory leak occurs in snmpd, when several interfaces have the
same IPv6 address. [severity:2/4]
A memory leak occurs in the Python interface of snmpwalk.
[severity:2/4; 2260828]
On Linux, a memory leak occurs in udpEndpointTable. [severity:2/4;
2822355]
On Windows, a handle leak occurs in pass_persist. [severity:2/4;
2779541]
On Windows, a memory leak occurs in winExtDLL/SnmpExtensionQuery.
[severity:2/4]
An attacker can therefore use several memory leaks of Net-SNMP, in
order to generate a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Net-SNMP-memory-leaks-9664