pkgsrc-Bugs archive


pkg/49860: DoS against snmpd on netbsd routers



>Number:         49860
>Category:       pkg
>Synopsis:       DoS against snmpd on netbsd routers
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Apr 26 16:20:00 +0000 2015
>Originator:     Uwe Toenjes
>Release:        pkgsrc-2015Q1
>Organization:
University of Leipzig
>Environment:
NetBSD 7.99.9 (MYCONF7.gdb) #0: Wed Apr  8 12:26:30 CEST 2015  root@:/usr/obj/sys/arch/amd64/compile/MYCONF7.gdb amd64
>Description:
IPv6 routers allow remote attackers to make the snmpd (net-snmp-5.7.3) stop working permanently. The snmpd then uses 100% CPU and does not respond to requests.

The attacker isn't sending the packets to the service itself. It sends only packets through the router!
>How-To-Repeat:
Choose a NetBSD IPv6 router with a running snmpd. Use the program thcsyn6 to scan the network located behind the router. The scan can be stopped after a few seconds. The snmpd is now running at 100% CPU and does not respond to requests.

The problem only occurs when you scan an entire subnet with the -D option. I guess the problem might be a result of the high number of concurrent NDP requests.

>Fix:



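Added example, not part of the original report or of net-snmp: a triage check an operator could run on an affected router to correlate the two symptoms described above, a pegged snmpd and a neighbor cache full of unresolved entries. The function names, thresholds and sample data are constructed, and the input layouts are assumed to match `ndp -an` and `ps -axo pcpu,comm`.

```shell
#!/bin/sh
# Added example: triage check for the symptom described in this PR.
# Assumptions (not from the report): function names, thresholds, and that
# the input matches the column layout of `ndp -an` and `ps -axo pcpu,comm`.

# Count unresolved neighbor-cache entries per interface.
# Reads `ndp -an`-style text on stdin, prints "<netif> <count>" lines.
incomplete_per_if() {
    awk '$2 == "(incomplete)" { n[$3]++ }
         END { for (i in n) print i, n[i] }' | sort
}

# Print "ALERT" if snmpd uses at least $1 percent CPU, else "OK".
# Reads `ps -axo pcpu,comm`-style text on stdin.
snmpd_cpu_state() {
    awk -v lim="$1" '$2 == "snmpd" && $1 + 0 >= lim { hot = 1 }
         END { print (hot ? "ALERT" : "OK") }'
}

# Constructed sample data (documentation prefix 2001:db8::/32).
sample_ndp() {
    cat <<'EOF'
Neighbor                      Linklayer Address  Netif Expire    S Flags
fe80::1%wm0                   00:00:5e:00:53:01    wm0 permanent R
2001:db8:0:1::10              00:00:5e:00:53:10    wm1 23s       R
2001:db8:0:1::a1              (incomplete)         wm1 2s        I
2001:db8:0:1::a2              (incomplete)         wm1 2s        I
2001:db8:0:1::a3              (incomplete)         wm1 3s        I
EOF
}
sample_ps() {
    cat <<'EOF'
%CPU COMMAND
 0.0 init
99.8 snmpd
EOF
}

# Flag interfaces with many unresolved neighbors while snmpd is pegged.
triage() {  # $1 = incomplete-entry threshold, $2 = CPU threshold (percent)
    worst=$(sample_ndp | incomplete_per_if | awk -v t="$1" '$2 >= t { print $1 }')
    cpu=$(sample_ps | snmpd_cpu_state "$2")
    if [ -n "$worst" ] && [ "$cpu" = "ALERT" ]; then
        echo "suspect: $worst"
    else
        echo "clear"
    fi
}

triage 3 90
```

On a live system, replace `sample_ndp` and `sample_ps` with the real commands and pick thresholds that fit the normal neighbor count on each interface.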