The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Net-SNMP: denial of service via Incompletely Parsed Varbinds

Synthesis of the vulnerability 

An attacker can generate a fatal error via Incompletely Parsed Varbinds of Net-SNMP, in order to trigger a denial of service.
Vulnerable systems: Fedora, Data ONTAP 7-Mode, Net-SNMP, RHEL, Synology DSM, Synology DS***, Synology RS***.
Severity of this threat: 3/4.
Creation date: 09/10/2018.
References of this weakness: CVE-2018-18066, FEDORA-2018-042156f164, NTAP-20181107-0001, RHSA-2020:1081-01, RHSA-2020:2539-01, Synology-SA-19:33, Synology-SA-19:37, VIGILANCE-VUL-27440.

Description of the vulnerability 

An attacker can generate a fatal error via Incompletely Parsed Varbinds of Net-SNMP, in order to trigger a denial of service.

This weakness alert impacts software or systems such as Fedora, Data ONTAP 7-Mode, Net-SNMP, RHEL, Synology DSM, Synology DS***, Synology RS***.

The Vigil@nce team rates the severity of this vulnerability note as important.

Trust level: confirmed by the vendor. Attack origin: intranet client.

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with technician-level skill can exploit this vulnerability.

Solutions for this threat 

Net-SNMP: version 5.8.
Version 5.8 is fixed:
  https://sourceforge.net/projects/net-snmp/
  http://www.net-snmp.org/

Net-SNMP: patch for Incompletely Parsed Varbinds.
A patch is indicated in information sources.

Fedora 29: new net-snmp packages.
New packages are available:
  Fedora 29: net-snmp 5.8-3.fc29

NetApp Data ONTAP: solution for Net-SNMP.
The solution is indicated in information sources.

RHEL 7.7: new net-snmp packages.
New packages are available:
  RHEL 7.7: net-snmp 5.7.2-43.el7_7.6

RHEL 7: new net-snmp packages.
New packages are available:
  RHEL 7.0-7.7: net-snmp 5.7.2-47.el7

Synology DSM: version 6.2.2-24922-4.
Version 6.2.2-24922-4 is fixed:
  https://www.synology.com/
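Because Red Hat backports the fix without bumping the upstream version number (the patched RHEL builds are still "5.7.2"), checking the installed package against the advisory's fixed builds requires comparing the RPM release field, not just the version. The following is an added example, not code from the Vigil@nce bulletin or from the Net-SNMP project: it implements a simplified version of rpm's version-comparison rules and checks an installed net-snmp package name (as printed by `rpm -q net-snmp`) against the fixed Fedora 29 and RHEL 7 builds listed above, plus the upstream 5.8 threshold. The `FIXED_RPM` mapping, the dist-tag matching and the helper names are my own assumptions; tilde and caret ordering from the real rpmvercmp are not implemented.

```python
import re

# Fixed builds taken from the advisory's solutions list (constructed mapping:
# dist tag -> (version, release)). The more specific "el7_7" tag must be tested
# before the generic "el7" tag, so insertion order matters.
FIXED_RPM = {
    "fc29": ("5.8", "3.fc29"),          # Fedora 29: net-snmp 5.8-3.fc29
    "el7_7": ("5.7.2", "43.el7_7.6"),   # RHEL 7.7: net-snmp 5.7.2-43.el7_7.6
    "el7": ("5.7.2", "47.el7"),         # RHEL 7.0-7.7: net-snmp 5.7.2-47.el7
}
UPSTREAM_FIXED = "5.8"                  # upstream: version 5.8 is fixed

_SEGMENT = re.compile(r"(\d+|[A-Za-z]+)")
_NVR = re.compile(r"net-snmp-(?P<ver>[^-]+)-(?P<rel>.+)")


def rpmvercmp(a, b):
    """Compare two RPM version or release strings; returns -1, 0 or 1.

    Simplified rpmvercmp: strings are split into numeric and alphabetic
    segments, numeric segments compare as integers, alphabetic ones
    lexically, a numeric segment beats an alphabetic one, and when one
    string is a prefix of the other the longer one is newer.
    """
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        xd, yd = x.isdigit(), y.isdigit()
        if xd and yd:
            xi, yi = int(x), int(y)
            if xi != yi:
                return (xi > yi) - (xi < yi)
        elif xd != yd:
            return 1 if xd else -1
        elif x != y:
            return (x > y) - (x < y)
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def compare_vr(installed, fixed):
    """Compare (version, release) pairs: version first, release on a tie."""
    c = rpmvercmp(installed[0], fixed[0])
    return c if c else rpmvercmp(installed[1], fixed[1])


def is_patched(nvr):
    """Return True/False for a net-snmp NVR such as 'net-snmp-5.7.2-47.el7',
    or None when the dist tag is not one the advisory lists."""
    m = _NVR.fullmatch(nvr)
    if not m:
        raise ValueError("not a net-snmp NVR: %r" % nvr)
    installed = (m.group("ver"), m.group("rel"))
    for tag, fixed in FIXED_RPM.items():
        if tag in installed[1]:
            return compare_vr(installed, fixed) >= 0
    return None


def upstream_is_fixed(version):
    """True when a source build's version is 5.8 or later."""
    return rpmvercmp(version, UPSTREAM_FIXED) >= 0


if __name__ == "__main__":
    # Constructed sample inventory, as rpm -q net-snmp would print it on each host.
    for host, nvr in [("rhel77-a", "net-snmp-5.7.2-43.el7_7.6"),
                      ("rhel7-b", "net-snmp-5.7.2-46.el7"),
                      ("fedora-c", "net-snmp-5.8-3.fc29")]:
        print(host, nvr, "patched" if is_patched(nvr) else "VULNERABLE")
```

Run it against the output of `rpm -q net-snmp` on each host; a `None` result means the build is from a distribution the advisory does not cover and must be checked against that vendor's own bulletin.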

Computer vulnerabilities tracking service 

Vigil@nce provides a system vulnerability bulletin. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system.