PT-2014-5399 · Net Snmp+4 · Net-Snmp+4

Publicado

2014-09-05

Atualizado

2024-06-15

CVE-2014-3565

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions net-snmp versions 5.7.0 and earlier

Description The issue allows remote attackers to cause a denial of service, specifically a crash of the snmptrapd service, by sending a crafted SNMP trap message. This occurs when the -OQ option is used, triggering a conversion to the variable type designated in the MIB file. For example, a NULL type in an ifMtu trap message can cause this issue.

Recommendations For net-snmp versions 5.7.0 and earlier, consider disabling the use of the -OQ option until a fix is available to prevent the denial of service. Additionally, restrict access to the snmptrapd service to minimize the risk of exploitation.

Exploit

Correção

DoS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-399

Identificadores relacionados

CESA-2015_1385

CESA-2015_2345

CVE-2014-3565

MGASA-2014-0371

OPENSUSE-SU-2024:10204-1

RHSA-2015:1385

RHSA-2015:2345

RHSA-2015_1385

RHSA-2015_2345

SUSE-SU-2014_1106-1

USN-2711-1

Produtos afetados

Centos

Red Hat

Suse

Ubuntu

Net-Snmp

PT-2014-5399 · Net Snmp+4 · Net-Snmp+4

CVE-2014-3565

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 54