Debian Security Advisory DSA 1483-1 (net-snmp) Network Vulnerability

Summary

The remote host is missing an update to net-snmp announced via advisory DSA 1483-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201483-1

Insight

The SNMP agent (snmp_agent.c) in net-snmp before 5.4.1 allows remote attackers to cause a denial of service (CPU and memory consumption) via a GETBULK request with a large max-repeaters value. For the stable distribution (etch), this problem has been fixed in version 5.2.3-7etch2 For the unstable and testing distributions (sid and lenny, respectively), this problem has been fixed in version 5.4.1~dfsg-2 We recommend that you upgrade your net-snmp package.

Severity

Classification

CVE CVE-2007-5846
CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C

Related Vulnerabilities

Debian Security Advisory DSA 1017-1 (kernel-source-2.6.8)
Debian Security Advisory DSA 079-2 (uucp)
Debian Security Advisory DSA 012-1 (micq)
Debian Security Advisory DSA 1045-1 (openvpn)
Debian Security Advisory DSA 1018-1 (kernel-source-2.4.27)

Take action and discover your vulnerabilities