REDHAT-BUG-1038007
First published: Wed Dec 04 2013(Updated: )
net-snmp was found to be crashing/hanging due to the heavy load on the subagent AgentX. Here, snmpd is the master agent, AgentX is the subagent registering to handle a MIB and processing GETNEXT requests. When the subagent is under heavy load, requests start to pile up in the queue, replies from the subagent arrive too late (per log messages) and eventually the subagent is timed out. When the timeout occurs there is a high probability of either a crash (Segfault) or a hang (100% CPU utilisation, tight loop in the snmpd code) dependent on the version of the snmpd under test. This also happens when the subagent dies unexpectedly with outstanding transactions unserviced. References: <a href="http://seclists.org/oss-sec/2013/q4/398">http://seclists.org/oss-sec/2013/q4/398</a> <a href="http://sourceforge.net/p/net-snmp/bugs/2411/">http://sourceforge.net/p/net-snmp/bugs/2411/</a> Patch: <a href="http://sourceforge.net/p/net-snmp/patches/1237/?page=0">http://sourceforge.net/p/net-snmp/patches/1237/?page=0</a>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| CentOS Net-SNMP Agent Libraries |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://seclists.org/oss-sec/2013/q4/398
- http://sourceforge.net/p/net-snmp/bugs/2411/
- http://sourceforge.net/p/net-snmp/patches/1237/?page=0
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1038011
- http://rhn.redhat.com/errata/RHBA-2013-1150.html
- http://sourceforge.net/p/net-snmp/code/ci/793d596838ff7cb48a73b675d62897c56c9e62df/
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=870332&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=870332&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=870333&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=870333&action=edit
- https://rhn.redhat.com/errata/RHSA-2014-0322.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1038007
Frequently Asked Questions
What is the severity of REDHAT-BUG-1038007?
The severity of REDHAT-BUG-1038007 is considered to be high due to the potential for net-snmp to crash under heavy load.
How do I fix REDHAT-BUG-1038007?
To fix REDHAT-BUG-1038007, update to the latest version of net-snmp that includes bug fixes for AgentX performance issues.
What causes the crash in REDHAT-BUG-1038007?
The crash in REDHAT-BUG-1038007 is caused by the subagent AgentX being overwhelmed by a high volume of GETNEXT requests.
Which version of net-snmp is affected by REDHAT-BUG-1038007?
REDHAT-BUG-1038007 affects certain versions of net-snmp, particularly those using the AgentX subagent feature.
Is there a workaround for REDHAT-BUG-1038007?
A potential workaround for REDHAT-BUG-1038007 is to reduce the load on the AgentX subagent by limiting the number of simultaneous requests.
- agent/references
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2012-6151
- agent/severity
- agent/event
- agent/description
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/net-snmp
- canonical/centos net-snmp agent libraries