CVE-2014-2310

Published: 10 March 2014

The AgentX subagent in Net-SNMP before 5.4.4 allows remote attackers to cause a denial of service (hang) by sending a multi-object request with an Object ID (OID) containing more subids than previous requests, a different vulnerability than CVE-2012-6151.

Priority

Status

Package	Release	Status
net-snmp Launchpad, Ubuntu, Debian	lucid	Released (5.4.2.1~dfsg0ubuntu1-0ubuntu2.3)
	precise	Released (5.4.3~dfsg-2.4ubuntu1.2)
	quantal	Released (5.4.3~dfsg-2.5ubuntu1.1)
	saucy	Not vulnerable (5.7.2~dfsg-8ubuntu1)
	upstream	Released (5.7.2~dfsg-1~0.1)
	Patches: upstream: http://sourceforge.net/p/net-snmp/code/ci/eb816330a1887798d844d2fd5dc6482002123cbd/

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2310
http://seclists.org/oss-sec/2014/q1/513
https://ubuntu.com/security/notices/USN-2166-1
NVD
Launchpad
Debian

Bugs

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684388
http://sourceforge.net/p/net-snmp/patches/1113/

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›