Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-18066

Опубликовано: 06 окт. 2015
Источник: redhat
CVSS3: 7.5
EPSS Низкий

Описание

snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.

Меры по смягчению последствий

Configuring snmp with a secret community string makes this attack much more difficult to perform, as the attacker must guess the community string in order to exploit the vulnerability. Protecting the snmp service with host firewall rules to prevent unauthorized hosts from sending messages to the snmp service will prevent this attack being carried out by users of other hosts on the network. Either or both of these steps is recommended to prevent potential attackers from gaining extra information about network devices and topology, and from causing undue load to snmp services.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5net-snmpNot affected
Red Hat Enterprise Linux 6net-snmpWill not fix
Red Hat Enterprise Linux 8net-snmpNot affected
Red Hat Enterprise Linux 7net-snmpFixedRHSA-2020:108131.03.2020
Red Hat Enterprise Linux 7.7 Extended Update Supportnet-snmpFixedRHSA-2020:253912.06.2020

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-476
https://bugzilla.redhat.com/show_bug.cgi?id=1637572net-snmp: NULL pointer exception in snmp_oid_compare in snmplib/snmp_api.c resulting in a denial of service

EPSS

Процентиль: 69%
0.0059
Низкий

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-18066

CVSS3: 7.5
ubuntu
больше 7 лет назад

snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.

nvd логотип

CVE-2018-18066

CVSS3: 7.5
nvd
больше 7 лет назад

snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.

debian логотип

CVE-2018-18066

CVSS3: 7.5
debian
больше 7 лет назад

snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NU ...

github логотип

GHSA-9mpr-24m6-767p

CVSS3: 7.5
github
больше 3 лет назад

snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.

oracle-oval логотип

ELSA-2020-1081

oracle-oval
почти 6 лет назад

ELSA-2020-1081: net-snmp security and bug fix update (MODERATE)

EPSS

Процентиль: 69%
0.0059
Низкий

7.5 High

CVSS3