CVE-2014-3565

Publication date 7 October 2014

Last updated 24 July 2024

Ubuntu priority

Low

Why this priority?

snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a NULL type in an ifMtu trap message.

Read the notes from the security team

Status

Package Ubuntu Release Status
net-snmp 15.04 vivid
Fixed 5.7.2~dfsg-8.1ubuntu5.1
14.10 utopic Ignored end of life
14.04 LTS trusty
Fixed 5.7.2~dfsg-8.1ubuntu3.1
12.04 LTS precise
Fixed 5.4.3~dfsg-2.4ubuntu1.3
10.04 LTS lucid Ignored end of life

Notes

jdstrand

per upstream, -OQ option is uncommon

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
net-snmp

References

Related Ubuntu Security Notices (USN)

    • USN-2711-1
    • Net-SNMP vulnerabilities
    • 17 August 2015

Other references