PT-2014-5399 · Net-Snmp

Published: 2014-09-05 · Updated: 2024-06-15 · CVE-2014-3565

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

net-snmp versions 5.7.0 and earlier

Description

The issue allows remote attackers to cause a denial of service, specifically a crash of the snmptrapd service, by sending a crafted SNMP trap message. This occurs when the -OQ option is used, triggering a conversion to the variable type designated in the MIB file. For example, a NULL type in an ifMtu trap message can cause this issue.

Recommendations

For net-snmp versions 5.7.0 and earlier, consider disabling the use of the -OQ option until a fix is available to prevent the denial of service. Additionally, restrict access to the snmptrapd service to minimize the risk of exploitation.

Exploit

Fix

DoS

Weakness Enumeration

Related Identifiers

CESA-2015_1385
CESA-2015_2345
CVE-2014-3565
MGASA-2014-0371
OPENSUSE-SU-2024:10204-1
RHSA-2015:1385
RHSA-2015:2345
RHSA-2015_1385
RHSA-2015_2345
SUSE-SU-2014_1106-1
USN-2711-1

Affected Products

CentOS
Red Hat
SUSE
Ubuntu
Net-Snmp