CVE-2014-3565

Published: 7 October 2014

snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a NULL type in an ifMtu trap message.

Notes

Author	Note
jdstrand	per upstream, -OQ option is uncommon

Priority

Status

Package	Release	Status
net-snmp Launchpad, Ubuntu, Debian	lucid	Ignored (reached end-of-life)
	precise	Released (5.4.3~dfsg-2.4ubuntu1.3)
	trusty	Released (5.7.2~dfsg-8.1ubuntu3.1)
	upstream	Needs triage
	utopic	Ignored (reached end-of-life)
	vivid	Released (5.7.2~dfsg-8.1ubuntu5.1)
	Patches: upstream: http://sourceforge.net/p/net-snmp/code/ci/7f4a7b891332899cea26e95be0337aae01648742/

References

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=760132

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›