CVE-2014-3565

Severity

50%

Complexity

99%

Confidentiality

48%

snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a NULL type in an ifMtu trap message.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

Overview

First reported 10 years ago

2014-10-07 14:55:00

Last updated 8 years ago

2016-12-24 02:59:00

Affected Software

Apple Mac OS X 10.11.0

10.11.0

Canonical Ubuntu Linux 12.04 LTS

12.04

Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)

14.04

Canonical Ubuntu Linux 15.04

15.04

Net-SNMP Net-SNMP 5.0

5.0

Net-SNMP Net-SNMP 5.0.1

5.0.1

Net-SNMP Net-SNMP 5.0.2

5.0.2

Net-SNMP Net-SNMP 5.0.3

5.0.3

Net-SNMP Net-SNMP 5.0.4

5.0.4

Net-SNMP Net-SNMP 5.0.5

5.0.5

Net-SNMP Net-SNMP 5.0.6

5.0.6

Net-SNMP Net-SNMP 5.0.7

5.0.7

Net-SNMP Net-SNMP 5.0.8

5.0.8

Net-SNMP Net-SNMP 5.0.9

5.0.9

Net-SNMP Net-SNMP 5.1

5.1

Net-SNMP Net-SNMP 5.1.2

5.1.2

Net-SNMP Net-SNMP 5.2

5.2

Net-SNMP Net-SNMP 5.3

5.3

Net-SNMP Net-SNMP 5.3.0.1

5.3.0.1

Net-SNMP Net-SNMP 5.4

5.4

Net-SNMP Net-SNMP 5.5

5.5

Net-SNMP Net-SNMP 5.6

5.6

References

APPLE-SA-2015-10-21-4

Vendor Advisory

openSUSE-SU-2014:1108

RHSA-2015:1385

http://sourceforge.net/p/net-snmp/code/ci/7f4a7b891332899cea26e95be0337aae01648742/

Exploit

http://sourceforge.net/p/net-snmp/official-patches/48/

Patch

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

69477

USN-2711-1

https://bugzilla.redhat.com/show_bug.cgi?id=1125155

GLSA-201507-17

https://support.apple.com/HT205375