Referenced CVEs:
CVE-2007-5846
Description:
===========================================================Ubuntu Security Notice USN-564-1 January 09, 2008net-snmp vulnerabilityCVE-2007-5846===========================================================A security issue affects the following Ubuntu releases:Ubuntu 6.06 LTSUbuntu 6.10Ubuntu 7.04Ubuntu 7.10This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 6.06 LTS: snmpd 5.2.1.2-4ubuntu2.2Ubuntu 6.10: snmpd 5.2.2-5ubuntu1.1Ubuntu 7.04: snmpd 5.2.3-4ubuntu1.1Ubuntu 7.10: snmpd 5.3.1-6ubuntu2.1In general, a standard system upgrade is sufficient to effect thenecessary changes.Details follow:Bill Trost discovered that snmpd did not properly limit GETBULKrequests. A remote attacker could specify a large number ofmax-repetitions and cause a denial of service via resourceexhaustion.
More...