[VIM] Duplicate CVE's for Net-SNMP issues

Steven M. Christey coley at mitre.org
Wed Apr 11 18:55:50 UTC 2007


Normally, CVE dupes are fairly straightforward, but it took some
coordination with Sun and Net-SNMP to find and address this dupe, and
a lot of vuln DB's may be affected.

See the analysis for CVE-2005-2177 below.  It was even more painful
than it sounds ;-)

- Steve


======================================================
Name: CVE-2005-2177
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2177
Acknowledged: yes advisory
Announced: 20050708
Flaw: other
Reference: BUGTRAQ:20061113 VMSA-2006-0006 - VMware ESX Server 2.5.3 Upgrade Patch 4
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/451404/100/0/threaded
Reference: BUGTRAQ:20061113 VMSA-2006-0005 - VMware ESX Server 2.5.4 Upgrade Patch 1
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/451419/100/200/threaded
Reference: BUGTRAQ:20061113 VMSA-2006-0007 - VMware ESX Server 2.1.3 Upgrade Patch 2
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/451417/100/200/threaded
Reference: BUGTRAQ:20061113 VMSA-2006-0008 - VMware ESX Server 2.0.2 Upgrade Patch 2
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/451426/100/200/threaded
Reference: MISC:http://www.net-snmp.org/about/ChangeLog.html
Reference: MLIST:[net-snmp-announce] 20050701 Multiple new Net-SNMP releases to fix a security related bug
Reference: URL:http://sourceforge.net/mailarchive/forum.php?thread_id=7659656&forum_id=12455
Reference: CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2005-225.pdf
Reference: CONFIRM:http://www.vmware.com/download/esx/esx-202-200610-patch.html
Reference: CONFIRM:http://www.vmware.com/download/esx/esx-213-200610-patch.html
Reference: CONFIRM:http://www.vmware.com/download/esx/esx-254-200610-patch.html
Reference: DEBIAN:DSA-873
Reference: URL:http://www.debian.org/security/2005/dsa-873
Reference: MANDRIVA:MDKSA-2006:025
Reference: URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:025
Reference: REDHAT:RHSA-2005:373
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-373.html
Reference: REDHAT:RHSA-2005:395
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-395.html
Reference: REDHAT:RHSA-2005:720
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-720.html
Reference: SUNALERT:102725
Reference: URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102725-1
Reference: SUSE:SUSE-SR:2005:024
Reference: URL:http://www.novell.com/linux/security/advisories/2005_24_sr.html
Reference: TRUSTIX:2005-0034
Reference: URL:http://www.trustix.org/errata/2005/0034/
Reference: UBUNTU:USN-190-1
Reference: URL:http://www.ubuntu.com/usn/usn-190-1
Reference: BID:14168
Reference: URL:http://www.securityfocus.com/bid/14168
Reference: BID:21256
Reference: URL:http://www.securityfocus.com/bid/21256
Reference: FRSIRT:ADV-2006-4502
Reference: URL:http://www.frsirt.com/english/advisories/2006/4502
Reference: FRSIRT:ADV-2006-4677
Reference: URL:http://www.frsirt.com/english/advisories/2006/4677
Reference: SECTRACK:1017273
Reference: URL:http://securitytracker.com/id?1017273
Reference: SECUNIA:15930
Reference: URL:http://secunia.com/advisories/15930
Reference: SECUNIA:18635
Reference: URL:http://secunia.com/advisories/18635
Reference: SECUNIA:17217
Reference: URL:http://secunia.com/advisories/17217
Reference: SECUNIA:17343
Reference: URL:http://secunia.com/advisories/17343
Reference: SECUNIA:17135
Reference: URL:http://secunia.com/advisories/17135
Reference: SECUNIA:17282
Reference: URL:http://secunia.com/advisories/17282
Reference: SECUNIA:16999
Reference: URL:http://secunia.com/advisories/16999
Reference: SECUNIA:17007
Reference: URL:http://secunia.com/advisories/17007
Reference: SECUNIA:22875
Reference: URL:http://secunia.com/advisories/22875
Reference: SECUNIA:23058
Reference: URL:http://secunia.com/advisories/23058

Net-SNMP 5.0.x before 5.0.10.2, 5.2.x before 5.2.1.2, and 5.1.3, when
net-snmp is using stream sockets such as TCP, allows remote attackers
to cause a denial of service (daemon hang and CPU consumption) via a
TCP packet of length 1, which triggers an infinite loop.


Analysis:
ABSTRACTION: CVE-2006-5941 was flagged as a dupe of CVE-2005-2177 by
Net-SNMP and Sun in various e-mails from November 2006 to April 2007,
with the greatest clarification provided by Thomas Anders on Nov 30.
Summary: 1. the original description for CVE-2005-2177 was based on a
slightly vague disclosure by Net-SNMP; later information would show
that it deals with a length-1 TCP packet.  2.  the NEWS file included
the same text in a "Security:" item for both 5.0.10.1 and 5.0.10.2,
but diff analysis had shown there were slightly different issues.
3. Sun requested CVE-2006-5941, since their information did not
exactly match their understanding of CVE-2005-2177.  4.  After
publication of CVE-2006-5941, Net-SNMP and SuSE spotted the issue as a
potential dupe.  5.  Further conversation with all parties made it
clear that Net-SNMP had fixed a separate issue, CVE-2005-4837, in a
similar version, but had not elevated it to "vulnerability" status.
CVE-2006-5941 was thus rejected.


======================================================
Name: CVE-2005-4837
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4837
Acknowledged: 
Announced: 20050609
Flaw: dos-malform
Reference: CONFIRM:http://sourceforge.net/tracker/index.php?func=detail&aid=1207023&group_id=12694&atid=112694

snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before
5.1.3, and 5.0.x before 5.0.10.2, when running in master agentx mode,
allows remote attackers to cause a denial of service (crash) by
causing a particular TCP disconnect, which triggers a free of an
incorrect variable, a different vulnerability than CVE-2005-2177.


======================================================
Name: CVE-2006-5941
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5941
Acknowledged: 
Announced: 
Flaw: 

** REJECT **

DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2005-2177.  Reason:
This candidate is a duplicate of CVE-2005-2177.  Notes: All CVE users
should reference CVE-2005-2177 instead of this candidate.  All
references and descriptions in this candidate have been removed to
prevent accidental usage.


Analysis:
ACCURACY: see CVE-2005-2177 analysis for an explanation of how the
dupe arose and was addressed.
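
For vulnerability databases that already ingested CVE-2006-5941, the following added example (not part of the original message and not MITRE tooling) shows one way to read REJECT records in the layout above and remap local entries through their ConsultIDs field. The sample text is constructed and abridged from the records in this post, and the entry schema with its "cve" and "needs_review" keys is an assumption.

```python
import re

# Constructed sample in the record layout shown above (abridged).
SAMPLE = """\
======================================================
Name: CVE-2005-2177
Status: Candidate
======================================================
Name: CVE-2006-5941
Status: Candidate
** REJECT **

DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2005-2177.  Reason:
This candidate is a duplicate of CVE-2005-2177.
"""

CVE_ID = re.compile(r"CVE-\d{4}-\d{4,}")

def parse_rejects(text):
    """Map each rejected CVE name to the list of IDs in its ConsultIDs field."""
    rejects = {}
    for record in re.split(r"^={10,}\s*$", text, flags=re.M):
        name = re.search(r"^Name:\s*(CVE-\d{4}-\d{4,})", record, flags=re.M)
        if not name or "** REJECT **" not in record:
            continue
        flat = " ".join(record.split())  # the field may wrap across lines
        consult = re.search(r"ConsultIDs:\s*(.*?)\.\s", flat + " ")
        rejects[name.group(1)] = CVE_ID.findall(consult.group(1)) if consult else []
    return rejects

def resolve(cve, rejects):
    """Follow ConsultIDs to a live ID; None means manual review is needed."""
    seen = set()
    while cve in rejects:
        targets = rejects[cve]
        if cve in seen or len(targets) != 1:  # loop, split, or no usable ID
            return None
        seen.add(cve)
        cve = targets[0]
    return cve

def remap(entries, rejects):
    """Rewrite local entries (assumed schema: dicts with a 'cve' key)."""
    out = []
    for e in entries:
        target = resolve(e["cve"], rejects)
        out.append({**e, "cve": target or e["cve"], "needs_review": target is None})
    return out
```

Entries whose rejected ID lists zero or several ConsultIDs keep their original ID and are flagged for manual review instead of being remapped automatically.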



