Published: 13/12/2013 Updated: 29/08/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Net-SNMP 5.7.1 and previous versions, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote malicious users to cause a denial of service (crash or infinite loop, CPU consumption, and hang) by causing the AgentX subagent to timeout.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apple mac os x 10.11.0
canonical ubuntu linux 12.10
canonical ubuntu linux 12.04
canonical ubuntu linux 10.04
canonical ubuntu linux 13.10
net-snmp net-snmp 5.3
net-snmp net-snmp 5.2
net-snmp net-snmp 5.0.5
net-snmp net-snmp 5.0.4
net-snmp net-snmp
net-snmp net-snmp 5.7
net-snmp net-snmp 5.1.2
net-snmp net-snmp 5.1
net-snmp net-snmp 5.0.3
net-snmp net-snmp 5.0.2
net-snmp net-snmp 5.4
net-snmp net-snmp 5.3.0.1
net-snmp net-snmp 5.0.7
net-snmp net-snmp 5.0.6
net-snmp net-snmp 5.6
net-snmp net-snmp 5.5
net-snmp net-snmp 5.0.9
net-snmp net-snmp 5.0.8
net-snmp net-snmp 5.0.1
net-snmp net-snmp 5.0

Net-SNMP could be made to crash if it received specially crafted network traffic ...

Debian Bug report logs - #731625 net-snmp: CVE-2012-6151: snmpd DoS when AgentX subagent times-out Package: net-snmp; Maintainer for net-snmp is Net-SNMP Packaging Team <pkg-net-snmp-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 7 Dec 2013 15:42:01 UTC Severity: imp ...

Debian Bug report logs - #760132 net-snmp: CVE-2014-3565 Package: src:net-snmp; Maintainer for src:net-snmp is Net-SNMP Packaging Team <pkg-net-snmp-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 1 Sep 2014 06:12:02 UTC Severity: important Tags: fixed-upstream, patch ...

Debian Bug report logs - #742817 net-snmp: CVE-2014-2284 Package: net-snmp; Maintainer for net-snmp is Net-SNMP Packaging Team <pkg-net-snmp-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 27 Mar 2014 18:57:02 UTC Severity: important Tags: security, upstream Found in ...

A buffer overflow flaw was found in the way the decode_icmp_msg() function in the ICMP-MIB implementation processed Internet Control Message Protocol (ICMP) message statistics reported in the /proc/net/snmp file A remote attacker could send a message for each ICMP message type, which could potentially cause the snmpd service to crash when processi ...

source: wwwsecurityfocuscom/bid/64048/info Net-SNMP is prone to a remote denial-of-service vulnerability Attackers can exploit this issue to cause the SNMPD to crash, exhaust CPU resources or trigger infinite loop; denying service to legitimate users Net-SNMP 571 is vulnerable; other versions may also be affected #!/bin/sh SNMPO ...

CWE-399 http://seclists.org/oss-sec/2013/q4/415 https://bugzilla.redhat.com/show_bug.cgi?id=1038007 http://sourceforge.net/p/net-snmp/bugs/2411/http://seclists.org/oss-sec/2013/q4/398 http://www.securityfocus.com/bid/64048 http://secunia.com/advisories/57870 http://www.ubuntu.com/usn/USN-2166-1 http://secunia.com/advisories/59974 http://www.gentoo.org/security/en/glsa/glsa-201409-02.xml http://secunia.com/advisories/55804 https://rhn.redhat.com/errata/RHSA-2014-0322.html https://support.apple.com/HT205375 http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 https://exchange.xforce.ibmcloud.com/vulnerabilities/89485 https://usn.ubuntu.com/2166-1/https://nvd.nist.gov https://www.exploit-db.com/exploits/38854/

CVE-2012-6151

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect