Description
net-snmp is an SNMP application library, tools and daemon. Prior to versions 5.9.5 and 5.10.pre2, a specially crafted packet to a net-snmp snmptrapd daemon can cause a buffer overflow and the daemon to crash. This issue has been patched in versions 5.9.5 and 5.10.pre2.
A flaw was found in net-snmp. A remote attacker can trigger a buffer overflow in the snmptrapd daemon by sending a specially crafted SNMP packet, causing the daemon to crash and resulting in a denial of service.
Statement
This issue allows a remote, unauthenticated attacker to trigger a buffer overflow in the snmptrapd daemon by sending a specially crafted SNMP packet, causing it to crash and resulting in a denial of service. However, because this is a buffer overflow, it can also corrupt memory, and the possibility of arbitrary code execution cannot be ruled out. Note that SNMP ports should not be open to public networks, which limits the exposure of this issue. Additionally, default Red Hat Enterprise Linux security features such as SELinux enforcement, Address Space Layout Randomization (ASLR) and memory protections reduce the likelihood of exploitation. For these reasons, this flaw has been rated Important severity.
Mitigation
Make sure to restrict network traffic to the snmptrapd daemon using firewall rules so that connections are allowed only from known and trusted users, and that SNMP ports are not open to public networks. This limits the exposure of this issue and reduces the likelihood of exploitation.
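One way to express that mitigation as an nftables ruleset, added here as an example and not part of the advisory: it assumes snmptrapd listens on its default 162/udp and uses 192.0.2.0/24 as a constructed placeholder for the trusted management network. The commented-out rule shows the open-to-everyone setting the advisory warns against; the active rules allow only trusted senders and log-and-drop everything else so untrusted attempts are visible in the kernel log.

```nft
# Added example (not from the advisory): restrict the snmptrapd trap receiver
# to trusted senders. Assumes the default listener port 162/udp and that
# 192.0.2.0/24 (constructed placeholder) is the management network.
table inet snmptrapd_filter {
    set trusted_trap_senders {
        type ipv4_addr
        flags interval
        elements = { 192.0.2.0/24 }
    }

    chain input {
        type filter hook input priority 0; policy accept;

        # Weak setting: the trap port reachable from any source.
        # udp dport 162 accept

        # Hardened: only trusted senders reach snmptrapd ...
        ip saddr @trusted_trap_senders udp dport 162 accept

        # ... everything else aimed at 162/udp is logged for detection and dropped.
        udp dport 162 log prefix "snmptrapd-untrusted: " level warn counter drop
    }
}
```

Load it with `nft -f snmptrapd.nft`, confirm the daemon is only listening where expected with `ss -lun`, and watch the kernel log for the `snmptrapd-untrusted:` prefix to see blocked senders.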
Affected packages
| Platform | Package | State | Advisory | Release date |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | net-snmp | Will not fix | | |
| Red Hat OpenShift Container Platform 4 | rhcos | Affected | | |
| Red Hat Enterprise Linux 10 | net-snmp | Fixed | RHSA-2026:0668 | 15.01.2026 |
| Red Hat Enterprise Linux 10.0 Extended Update Support | net-snmp | Fixed | RHSA-2026:0810 | 19.01.2026 |
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | net-snmp | Fixed | RHSA-2026:0926 | 21.01.2026 |
| Red Hat Enterprise Linux 8 | net-snmp | Fixed | RHSA-2026:0750 | 19.01.2026 |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | net-snmp | Fixed | RHSA-2026:0850 | 20.01.2026 |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | net-snmp | Fixed | RHSA-2026:0852 | 20.01.2026 |
| Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On | net-snmp | Fixed | RHSA-2026:0852 | 20.01.2026 |
Additional information
CVSS3: 9.8 Critical