Bug 96326 (CVE-2005-2177)

Summary: VUL-0: CVE-2005-2177: DoS against net-snmp if using stream sockets such as TCP
Product: [Novell Products] SUSE Security Incidents
Reporter: Dennis Conrad <dcon>
Component: Incidents
Assignee: Marcus Rückert <mrueckert>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P5 - None
CC: andreas.taschner, jreuter, security-team, zpetrova
Version: unspecified
Target Milestone: ---
Hardware: All
OS: SLES 9
Whiteboard: CVE-2005-2177: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Found By: Other
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Bug Depends on:
Bug Blocks: 127851

Description Dennis Conrad 2005-07-13 13:29:12 UTC
(Stolen from http://secunia.com/advisories/15930 ):

The vulnerability is caused due to an error in Net-snmp agents when handling
stream-based protocols such as TCP. This can be exploited to cause a DoS. TCP
support is not enabled by default.

More references:

http://sourceforge.net/mailarchive/forum.php?thread_id=7659656&forum_id=12455
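
A defender-side check for the condition described above (added example, not part of the original report or of net-snmp): it reads snmpd.conf text and lists `agentaddress` entries that use a stream transport. The sample configuration is constructed, and treating `unix` as stream-based alongside `tcp` is an assumption that goes beyond the TCP case the report names.

```shell
#!/bin/sh
# Added example: report snmpd.conf listeners that use a stream transport.
# Reads snmpd.conf text on stdin; prints "<transport> <address>" per stream listener.
# An address with no transport specifier is treated as UDP (the default).
stream_listeners() {
    awk '
        { sub(/#.*/, "") }                        # drop comments
        tolower($1) == "agentaddress" {           # directive names are case-insensitive
            list = ""
            for (i = 2; i <= NF; i++) list = list $i   # tolerate "a, b" spacing
            n = split(list, addr, ",")
            for (i = 1; i <= n; i++) {
                if (addr[i] == "") continue
                spec = "udp"
                rest = addr[i]
                p = index(addr[i], ":")
                if (p > 0) {
                    head = tolower(substr(addr[i], 1, p - 1))
                    # Only a known transport name counts as a specifier;
                    # "localhost:161" stays a plain UDP host:port.
                    if (head ~ /^(udp|tcp|unix|udp6|tcp6|udpv6|tcpv6|udpipv6|tcpipv6|ipx|aal5pvc)$/) {
                        spec = head
                        rest = substr(addr[i], p + 1)
                    }
                }
                # Assumption: tcp* and unix are the stream-based transports.
                if (spec ~ /^(tcp|unix)/) print spec, rest
            }
        }
    '
}

# Constructed sample configuration, not taken from any real host.
stream_listeners <<'EOF'
agentaddress udp:161,tcp:localhost:161
rocommunity public
EOF
```

On a real host, feed it the agent's configuration file, for example `stream_listeners < /etc/snmp/snmpd.conf` (the path varies by distribution). Listening addresses passed on the snmpd command line are not covered by this check.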
Comment 1 Marcus Meissner 2005-07-13 14:12:41 UTC
Markus, how bad do you consider this issue?

Do we need to provide updates?
Comment 2 Dennis Conrad 2005-07-26 11:42:24 UTC
Any news on this one?
Comment 3 Marcus Rückert 2005-08-02 12:57:25 UTC
Does anyone have a sample exploit for this?
I would like to test the patch before submitting the update.
Comment 4 Andreas Taschner 2005-08-02 13:32:24 UTC
I checked with the customer that initiated this bug. They have only read about
the CAN and do not have anything we could use to dupe it.
Comment 5 Andreas Taschner 2005-08-12 12:06:40 UTC
Has the patch been produced/tested yet?
Comment 6 Marcus Meissner 2005-08-15 12:32:36 UTC
There is no sample exploit available...
Comment 7 Andreas Taschner 2005-08-19 12:57:08 UTC
Sorry for being unfamiliar with these issues. Does the fact that there is no
sample exploit available mean that we are not able to produce a fix (prepared to
be slapped...)?
Comment 8 Marcus Meissner 2005-08-30 12:24:35 UTC
Marcus, please submit without testing an exploit (to finally drive this issue
onward ;)
Comment 9 Andreas Taschner 2005-09-12 08:18:55 UTC
Has this moved closer towards release of the fix?
Comment 10 Ludwig Nussel 2005-09-30 15:32:06 UTC
CAN-2005-2177 
(subjects can be changed so the number could get lost there) 
Comment 11 Thomas Biege 2005-10-04 10:27:07 UTC
Ubuntu released an advisory for it.

===========================================================
Ubuntu Security Notice USN-190-1         September 29, 2005
net-snmp vulnerability
CAN-2005-2177
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

libsnmp5
snmpd

The problem can be corrected by upgrading the affected package to
version 5.1.1-2ubuntu3.1 (for Ubuntu 4.10), or 5.1.2-6ubuntu2.1 (for
Ubuntu 5.04).  In general, a standard system upgrade is sufficient to
effect the necessary changes.

Details follow:

A remote Denial of Service has been discovered in the SNMP (Simple
Network Management Protocol) library. If an SNMP agent uses TCP sockets
for communication, a malicious SNMP server could exploit this to crash
the agent. Please note that by default SNMP uses UDP sockets.

Updated packages for Ubuntu 4.10 (Warty Warthog):

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/n/net-snmp/net-snmp_5.1.1-2ubuntu3.1.diff.gz
      Size/MD5:    64878 d6c0be6b1f4910491e5ab25445bb4700


etc.
Comment 12 Marcus Meissner 2005-10-20 10:53:45 UTC
Fixed packages finally released.
Comment 13 Thomas Biege 2009-10-13 21:33:03 UTC
CVE-2005-2177: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)