PT-2014-1816 · Net Snmp+2 · Net-Snmp+2
Published: 2014-03-07 · Updated: 2024-06-15 · CVE-2014-2285
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions
Net-SNMP versions 5.3.2.2 through 5.7.3.pre3
Net-SNMP version 5.3.2.2
Description
The issue concerns multiple vulnerabilities in the Net-SNMP package that can disrupt the availability of protected information and can be exploited remotely. The perl trapd handler function in certain Perl versions allows remote attackers to cause a denial of service (snmptrapd crash) by sending an SNMP trap with an empty community string, which triggers a NULL pointer dereference within the newSVpv function in Perl.
Recommendations
For Net-SNMP version 5.3.2.2, consider disabling the perl trapd handler function as a temporary workaround until a patch is available.
For Net-SNMP version 5.3.2.2, restrict access to the SNMP trap endpoint to minimize the risk of exploitation.
For Net-SNMP versions prior to 5.7.3.pre3, update to a newer version to mitigate the risk.
For some versions there is currently no information about a newer version that contains a fix for this vulnerability, so apply general security best practices to minimize potential risks.
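An added example, not part of the original advisory and not Net-SNMP code: a passive check that decodes the BER header of an SNMP v1/v2c datagram and flags traps and informs whose community string is empty, the condition named in the description. The function names and the header-only sample datagrams (empty PDU bodies) are constructed for illustration.

```python
"""Flag SNMP v1/v2c notifications that carry an empty community string."""

# PDU tags for notifications that snmptrapd receives (RFC 1157 / RFC 3416).
NOTIFY_TAGS = {0xA4: "trap-v1", 0xA6: "inform", 0xA7: "trap-v2"}


def read_tlv(buf, pos):
    """Decode one definite-length BER TLV; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length


def inspect_notification(datagram):
    """Return header facts for a v1/v2c trap/inform, or None for anything else."""
    try:
        tag, msg, _ = read_tlv(datagram, 0)           # outer SEQUENCE
        vtag, ver, pos = read_tlv(msg, 0)             # INTEGER version
        ctag, community, pos = read_tlv(msg, pos)     # OCTET STRING community
    except ValueError:
        return None
    if (tag, vtag, ctag) != (0x30, 0x02, 0x04) or ver not in (b"\x00", b"\x01"):
        return None                                   # not SNMPv1 (0) / v2c (1)
    if pos >= len(msg) or msg[pos] not in NOTIFY_TAGS:
        return None                                   # not a trap or inform PDU
    return {"version": ver[0], "pdu": NOTIFY_TAGS[msg[pos]],
            "community": community, "empty_community": len(community) == 0}


def sample(version, community, pdu_tag=0xA7):
    """Constructed header-only datagram (empty PDU body) for exercising the check."""
    inner = bytes([0x02, 0x01, version, 0x04, len(community)]) + community
    inner += bytes([pdu_tag, 0x00])
    return bytes([0x30, len(inner)]) + inner


if __name__ == "__main__":
    for dgram in (sample(1, b"public"), sample(1, b""), sample(0, b"", 0xA4)):
        print(inspect_notification(dgram))
```

The check reads only the message header, so it can run on mirrored UDP/162 traffic or on a capture without touching snmptrapd itself.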
Fix
DoS
RCE
Related Identifiers
Affected Products
Net-Snmp
Red Hat
Suse