VMware ESX Server 3.0.3, Patch ESX303-201002202-UG: Updates net-snmp (1018027)
Release Date: March 08, 2010
Summaries and Symptoms
This patch updates the service console package for net-snmp, net-snmp-utils, and net-snmp-libs to net-snmp-5.0.9-2.30E.28. This net-snmp update fixes a divide-by-zero flaw in the snmpd daemon. A remote attacker could issue a specially crafted GETBULK request that could cause the snmpd daemon to fail. This vulnerability was introduced by an incorrect fix for CVE-2008-4309.
The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-1887 to this issue.
Note: After installing the ESX303-200808401-SG patch, running the snmpbulkwalk command with the -CnX parameter results in no output, and the snmpd daemon stops. This patch fixes the issue.