Описание
NET-SNMP version 5.7.2 contains a heap corruption vulnerability in the UDP protocol handler that can result in command execution.
It was discovered that the snmp_pdu_parse() mishandles error codes and is vulnerable to a heap corruption within the parsing of the PDU prior to the authentication process. A remote, unauthenticated attacker could use this flaw to crash snmpd or, potentially, execute arbitrary code on the system with the privileges of the user running snmpd.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | net-snmp | Will not fix | ||
| Red Hat Enterprise Linux 8 | net-snmp | Not affected | ||
| Red Hat Enterprise Linux 6 | net-snmp | Fixed | RHSA-2015:1636 | 17.08.2015 |
| Red Hat Enterprise Linux 7 | net-snmp | Fixed | RHSA-2015:1636 | 17.08.2015 |
Показывать по
Дополнительная информация
Статус:
6.5 Medium
CVSS3
Связанные уязвимости
NET-SNMP version 5.7.2 contains a heap corruption vulnerability in the UDP protocol handler that can result in command execution.
NET-SNMP version 5.7.2 contains a heap corruption vulnerability in the UDP protocol handler that can result in command execution.
NET-SNMP version 5.7.2 contains a heap corruption vulnerability in the ...
NET-SNMP version 5.7.2 contains a heap corruption vulnerability in the UDP protocol handler that can result in command execution.
Уязвимость реализации протокола UDP набора программного обеспечения Net-SNMP, позволяющая нарушителю вызвать отказ в обслуживании, получить доступ к конфиденциальным данным или нарушить их целостность
6.5 Medium
CVSS3