[VIM] Duplicate CVE's for Net-SNMP issues
Steven M. Christey
coley at mitre.org
Wed Apr 11 18:55:50 UTC 2007
Normally, CVE dupes are fairly straightforward, but it took some
coordination with Sun and Net-SNMP to find and address this dupe, and
a lot of vuln DB's may be affected.
See the analysis for CVE-2005-2177 below. It was even more painful
than it sounds ;-)

Acknowledged: yes advisory
Reference: BUGTRAQ:20061113 VMSA-2006-0006 - VMware ESX Server 2.5.3 Upgrade Patch 4
Reference: BUGTRAQ:20061113 VMSA-2006-0005 - VMware ESX Server 2.5.4 Upgrade Patch 1
Reference: BUGTRAQ:20061113 VMSA-2006-0007 - VMware ESX Server 2.1.3 Upgrade Patch 2
Reference: BUGTRAQ:20061113 VMSA-2006-0008 - VMware ESX Server 2.0.2 Upgrade Patch 2
Reference: MLIST:[net-snmp-announce] 20050701 Multiple new Net-SNMP releases to fix a security related bug

Net-SNMP 5.0.x before 22.214.171.124, 5.2.x before 126.96.36.199, and 5.1.3, when
net-snmp is using stream sockets such as TCP, allows remote attackers
to cause a denial of service (daemon hang and CPU consumption) via a
TCP packet of length 1, which triggers an infinite loop.

ABSTRACTION: CVE-2006-5941 was flagged as a dupe of CVE-2005-2177 by
Net-SNMP and Sun in various e-mails from November 2006 to April 2007,
with the greatest clarification provided by Thomas Anders on Nov 30.

Summary:

1. The original description for CVE-2005-2177 was based on a
   slightly vague disclosure by Net-SNMP; later information would show
   that it deals with a length-1 TCP packet.

2. The NEWS file included the same text in a "Security:" item for
   both 188.8.131.52 and 184.108.40.206, but diff analysis had shown
   there were slightly different issues.

3. Sun requested CVE-2006-5941, since their information did not
   exactly match their understanding of CVE-2005-2177.

4. After publication of CVE-2006-5941, Net-SNMP and SuSE spotted the
   issue as a potential dupe.

5. Further conversation with all parties made it clear that Net-SNMP
   had fixed a separate issue, CVE-2005-4837, in a similar version,
   but had not elevated it to "vulnerability" status.

CVE-2006-5941 was thus rejected.

snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before
5.1.3, and 5.0.x before 220.127.116.11, when running in master agentx mode,
allows remote attackers to cause a denial of service (crash) by
causing a particular TCP disconnect, which triggers a free of an
incorrect variable, a different vulnerability than CVE-2005-2177.

** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-2177. Reason:
This candidate is a duplicate of CVE-2005-2177. Notes: All CVE users
should reference CVE-2005-2177 instead of this candidate. All
references and descriptions in this candidate have been removed to
prevent accidental usage.

ACCURACY: see CVE-2005-2177 analysis for an explanation of how the
dupe arose and was addressed.