PT-2013-1147 · Net-Snmp
Ratul Gupta · Published 2013-12-13 · Updated 2017-08-29 · CVE-2012-6151
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions
Net-SNMP versions 5.7.1 and earlier
net-snmp-libs version 5.3.2.2
net-snmp-utils version 5.3.2.2
net-snmp-debuginfo version 5.3.2.2
net-snmp-devel version 5.3.2.2
net-snmp version 5.3.2.2
Description
The Net-SNMP package contains multiple vulnerabilities that can lead to a denial of service (crash or infinite loop, CPU consumption, and hang) when AgentX is registering to handle a MIB and processing GETNEXT requests. The vulnerabilities can be exploited remotely and impact availability.
Recommendations
For Net-SNMP versions 5.7.1 and earlier: update to a version later than 5.7.1.
For net-snmp-libs version 5.3.2.2: consider disabling the AgentX subagent until a patch is available.
For net-snmp-utils version 5.3.2.2: restrict access to the MIB handling functionality to minimize the risk of exploitation.
For net-snmp-debuginfo version 5.3.2.2: avoid using the debug information until the issue is resolved.
For net-snmp-devel version 5.3.2.2: consider disabling the development functionality until a patch is available.
For net-snmp version 5.3.2.2: restrict access to the Net-SNMP service to minimize the risk of exploitation.
Exploit
Fix
DoS
Affected Products
Net-Snmp
Red Hat