CVE-2014-3565

Опубликовано: 31 авг. 2014

Источник: redhat

CVSS2: 4.3

Описание

snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a NULL type in an ifMtu trap message.

A denial of service flaw was found in the way snmptrapd handled certain SNMP traps when started with the "-OQ" option. If an attacker sent an SNMP trap containing a variable with a NULL type where an integer variable type was expected, it would cause snmptrapd to crash.

Отчет

This issue affects the versions of net-snmp as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	net-snmp	Will not fix
Red Hat Enterprise Linux 6	net-snmp	Fixed	RHSA-2015:1385	20.07.2015
Red Hat Enterprise Linux 7	net-snmp	Fixed	RHSA-2015:2345	19.11.2015

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-843

https://bugzilla.redhat.com/show_bug.cgi?id=1125155net-snmp: snmptrapd crash when handling an SNMP trap containing a ifMtu with a NULL type

4.3 Medium

CVSS2

Связанные уязвимости

CVE-2014-3565

ubuntu

около 11 лет назад

CVE-2014-3565

nvd

около 11 лет назад

CVE-2014-3565

debian

около 11 лет назад

snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is us ...

GHSA-w26p-786m-5h86

github

больше 3 лет назад

ELSA-2015-2345

oracle-oval

почти 10 лет назад

ELSA-2015-2345: net-snmp security and bug fix update (MODERATE)

4.3 Medium

CVSS2