Your submission was sent successfully! Close

CVE-2012-2141

Published: 27 April 2012

Array index error in the handle_nsExtendOutput2Table function in agent/mibgroup/agent/extend.c in Net-SNMP 5.7.1 allows remote authenticated users to cause a denial of service (out-of-bounds read and snmpd crash) via an SNMP GET request for an entry not in the extension table.

Priority

Medium

Status

Package Release Status
net-snmp
Launchpad, Ubuntu, Debian
hardy
Released (5.4.1~dfsg-4ubuntu4.4)
lucid
Released (5.4.2.1~dfsg0ubuntu1-0ubuntu2.2)
natty
Released (5.4.3~dfsg-2ubuntu1.1)
oneiric
Released (5.4.3~dfsg-2.2ubuntu1.1)
precise
Released (5.4.3~dfsg-2.4ubuntu1.1)
upstream Needed

Patches:
vendor: https://bugzilla.redhat.com/attachment.cgi?id=580443&action=diff
upstream: http://net-snmp.git.sourceforge.net/git/gitweb.cgi?p=net-snmp/net-snmp;a=commit;h=4c5633f1603e4bd03ed05c37d782ec8911759c47