The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Net-SNMP

vulnerability alert CVE-2018-18065

Net-SNMP: denial of service via GetNext PDU Multiple Varbinds

Synthesis of the vulnerability

An attacker can generate a fatal error via GetNext PDU Multiple Varbinds of Net-SNMP, in order to trigger a denial of service.
Impacted products: Debian, Fedora, Data ONTAP, Net-SNMP, openSUSE Leap, Solaris, Palo Alto Firewall PA***, PAN-OS, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: user account.
Creation date: 09/10/2018.
Identifiers: bulletinoct2018, CVE-2018-18065, DLA-1540-1, DSA-4314-1, FEDORA-2018-042156f164, NTAP-20181107-0001, openSUSE-SU-2018:3381-1, openSUSE-SU-2018:3508-1, PAN-SA-2019-0007, SUSE-SU-2018:3319-1, SUSE-SU-2018:3333-1, SUSE-SU-2018:3447-1, USN-3792-1, USN-3792-2, USN-3792-3, VIGILANCE-VUL-27441.


vulnerability CVE-2018-18066

Net-SNMP: denial of service via Incompletely Parsed Varbinds

Synthesis of the vulnerability

An attacker can generate a fatal error via Incompletely Parsed Varbinds of Net-SNMP, in order to trigger a denial of service.
Impacted products: Fedora, Data ONTAP, Net-SNMP.
Severity: 3/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 09/10/2018.
Identifiers: CVE-2018-18066, FEDORA-2018-042156f164, NTAP-20181107-0001, VIGILANCE-VUL-27440.


vulnerability announce CVE-2018-1000116

Net-SNMP: memory corruption via snmplib/snmp_api.c

Synthesis of the vulnerability

An attacker can generate a memory corruption via snmplib/snmp_api.c of Net-SNMP, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, Net-SNMP.
Severity: 3/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: intranet server.
Creation date: 08/03/2018.
Identifiers: 2821, CVE-2018-1000116, DLA-1317-1, DSA-4154-1, FEDORA-2018-5a5f51753c, FEDORA-2018-d64806ca1d, VIGILANCE-VUL-25492.


computer vulnerability alert CVE-2015-5621

Net-SNMP: memory leak via snmp_pdu_parse

Synthesis of the vulnerability

An attacker can create a memory leak in snmp_pdu_parse() of Net-SNMP, in order to trigger a denial of service.
Impacted products: Arkoon FAST360, XenServer, Debian, BIG-IP Hardware, TMOS, Net-SNMP, openSUSE, Solaris, RHEL, Ubuntu.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service, denial of service on client.
Provenance: intranet client.
Creation date: 13/04/2015.
Identifiers: bulletinoct2016, CERTFR-2016-AVI-133, CTX209443, CVE-2015-5621, DSA-4154-1, MDVSA-2015:229, openSUSE-SU-2015:1502-1, RHSA-2015:1636-01, SOL17378, STORM-2015-09-EN, STORM-2015-10-EN, STORM-2015-11-EN.2, STORM-2015-12-EN, USN-2711-1, VIGILANCE-VUL-16576.

Description of the vulnerability

The Net-SNMP product uses the snmp_pdu_parse() function to analyze data of SNMP packets.

However, after an error, the memory allocated to process an option in snmp_parse_var_op() is never freed.

An attacker can therefore create a memory leak in snmp_pdu_parse() of Net-SNMP, in order to trigger a denial of service.

computer vulnerability bulletin CVE-2014-3565

Net-SNMP: denial of service via snmptrapd

Synthesis of the vulnerability

An attacker can send a malicious SNMP TRAP packet to snmptrapd of Net-SNMP with "-OQ", in order to trigger a denial of service.
Impacted products: BIG-IP Hardware, TMOS, Fedora, Net-SNMP, openSUSE, Solaris, RHEL, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 01/09/2014.
Identifiers: CVE-2014-3565, FEDORA-2014-10095, FEDORA-2014-10099, MDVSA-2014:184, MDVSA-2015:092, openSUSE-SU-2014:1108-1, RHSA-2015:1385-01, RHSA-2015:2345-01, SOL17315, USN-2711-1, VIGILANCE-VUL-15248.

Description of the vulnerability

The Net-SNMP snmptrapd daemon supports the "-OQ" option, which tells it not to display the type (Timeticks, Integer, etc.).

However, in this case, the display functions interpret data from the packet (for example NULL) using the type from the MIB (for example Integer), which stops the daemon.

An attacker can therefore send a malicious SNMP TRAP packet to snmptrapd of Net-SNMP with "-OQ", in order to trigger a denial of service.

vulnerability alert CVE-2014-2310

Net-SNMP: denial of service via AgentX

Synthesis of the vulnerability

An attacker can send a special SNMP GET query to Net-SNMP, in order to trigger a denial of service in AgentX.
Impacted products: Net-SNMP, Solaris, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 06/03/2014.
Identifiers: 684388, BID-66005, CVE-2014-2310, USN-2166-1, VIGILANCE-VUL-14371.

Description of the vulnerability

RFC 2741 defines the AgentX protocol, which is used to add SNMP agents.

However, if a GET query is for several OIDs with different sizes, the AgentX process detects an error and stops.

An attacker can therefore send a special SNMP GET query to Net-SNMP, in order to trigger a denial of service in AgentX.

vulnerability bulletin CVE-2014-2285

Net-SNMP: denial of service via trap

Synthesis of the vulnerability

An attacker can dereference a NULL pointer in snmptrapd of Net-SNMP, in order to trigger a denial of service.
Impacted products: Net-SNMP, openSUSE, Solaris, RHEL, Ubuntu.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service, denial of service on client.
Provenance: intranet client.
Creation date: 05/03/2014.
Identifiers: 1072044, BID-65968, CVE-2014-2285, MDVSA-2014:052, MDVSA-2015:092, openSUSE-SU-2014:0398-1, openSUSE-SU-2014:0399-1, RHSA-2014:0322-01, USN-2166-1, VIGILANCE-VUL-14363.

Description of the vulnerability

The Net-SNMP product provides the snmptrapd daemon to manage SNMP TRAP messages.

The "Community String" is a string used for SNMP authentication. However, if the Community String is empty, the perl_trapd_handler() function does not check whether a pointer is NULL before using it.

An attacker can therefore dereference a NULL pointer in snmptrapd of Net-SNMP, in order to trigger a denial of service.

vulnerability CVE-2014-2284

Net-SNMP: denial of service via ICMP-MIB

Synthesis of the vulnerability

An attacker can send an ICMP packet with a large type, to a system monitored by the ICMP-MIB of Net-SNMP, in order to trigger a denial of service.
Impacted products: Fedora, Net-SNMP, openSUSE, RHEL, Ubuntu.
Severity: 3/4.
Consequences: denial of service on service, denial of service on client.
Provenance: internet client.
Creation date: 26/02/2014.
Identifiers: BID-65867, CVE-2014-2284, FEDORA-2014-3423, FEDORA-2014-3427, MDVSA-2015:092, openSUSE-SU-2014:0398-1, openSUSE-SU-2014:0399-1, RHSA-2014:0321-01, USN-2166-1, VIGILANCE-VUL-14310.

Description of the vulnerability

When Net-SNMP is installed on Linux, it uses the ICMP-MIB provided by the system, which indicates information related to the ICMP protocol.

The icmpMsgStatsTable table contains statistics about each ICMP message type. However, Net-SNMP manages only 11 (IPv4) or 14 (IPv6) types, whereas Linux provides information for 256 types.

An attacker can therefore send an ICMP packet with a large type, to a system monitored by the ICMP-MIB of Net-SNMP, in order to trigger a denial of service.

computer vulnerability bulletin CVE-2012-6151

Net-SNMP: denial of service via AgentX

Synthesis of the vulnerability

An attacker can overload the AgentX daemon of Net-SNMP, to generate a timeout, in order to trigger a denial of service.
Impacted products: BIG-IP Hardware, TMOS, Fedora, Net-SNMP, Solaris, RHEL, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 05/12/2013.
Identifiers: 2411, CVE-2012-6151, FEDORA-2013-22809, FEDORA-2013-22919, FEDORA-2013-22949, MDVSA-2014:017, MDVSA-2014:018, RHSA-2014:0322-01, SOL16476, USN-2166-1, VIGILANCE-VUL-13878.

Description of the vulnerability

RFC 2741 defines the AgentX protocol, which is used to add SNMP agents.

However, when a timeout occurs, the AgentX of Net-SNMP can access data that is no longer in memory.

An attacker can therefore overload the AgentX daemon of Net-SNMP, to generate a timeout, in order to trigger a denial of service.

vulnerability CVE-2012-2141

Net-SNMP: denial of service via extend

Synthesis of the vulnerability

When Net-SNMP is configured with extends, an attacker can use an invalid OID, in order to stop the service.
Impacted products: BIG-IP Hardware, TMOS, Fedora, Mandriva Linux, Net-SNMP, openSUSE, Solaris, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 26/04/2012.
Identifiers: 815813, BID-53255, BID-53258, CERTFR-2014-AVI-502, CVE-2012-2141, FEDORA-2012-16659, FEDORA-2012-16662, MDVSA-2012:099, MDVSA-2013:049, openSUSE-SU-2012:0659-1, RHSA-2012:0876-04, RHSA-2013:0124-01, SOL15883, SUSE-SU-2012:0887-1, SUSE-SU-2012:0888-1, VIGILANCE-VUL-11570.

Description of the vulnerability

The "extend" feature of Net-SNMP is used to associate a program with an OID (Object IDentifier) tree. When a client queries this tree, Net-SNMP executes the program, and returns the value associated with the requested index:
 - .1 : the first line displayed by the program
 - .2 : the second line displayed by the program
 - etc.

However, if an attacker requests the index zero (or an index that is too large), the handle_nsExtendOutput2Table() function of Net-SNMP reads at an invalid memory address and stops.

When Net-SNMP is configured with extends, an attacker can therefore use an invalid OID, in order to stop the service.