CVE-2018-18066 – net-snmp: NULL pointer exception in snmp_oid_compare in snmplib/snmp_api.c resulting in a denial of service
https://notcve.org/view.php?id=CVE-2018-18066
snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. snmp_oid_compare en snmplib/snmp_api.c en Net-SNMP en versiones anteriores a la 5.8 tiene un error de excepción de puntero NULL que puede ser empleado por un atacante no autenticado para provocar el cierre inesperado de la instancia de forma remota mediante un paquete UDP manipulado, lo que resulta en una denegación de servicio (DoS). • https://dumpco.re/blog/net-snmp-5.7.3-remote-dos https://security.netapp.com/advisory/ntap-20181107-0001 https://sourceforge.net/p/net-snmp/code/ci/7ffb8e25a0db851953155de91f0170e9bf8c457d https://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791 https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html https://access.redhat.com/security/cve/CVE-2018-18066 https://bugzilla.redhat.com/show_bug.cgi?id=1637572 • CWE-476: NULL Pointer Dereference •
CVE-2018-18065 – net-snmp 5.7.3 - (Authenticated) Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2018-18065
_set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. _set_key en agent/helpers/table_container.c en Net-SNMP en versiones anteriores a la 5.8 tiene un error de excepción de puntero NULL que puede ser empleado por un atacante autenticado para provocar el cierre inesperado de la instancia de forma remota mediante un paquete UDP manipulado, lo que resulta en una denegación de servicio (DoS). • https://www.exploit-db.com/exploits/45547 http://www.securityfocus.com/bid/106265 https://cert-portal.siemens.com/productcert/pdf/ssa-978220.pdf https://dumpco.re/blog/net-snmp-5.7.3-remote-dos https://security.netapp.com/advisory/ntap-20181107-0001 https://security.paloaltonetworks.com/CVE-2018-18065 https://sourceforge.net/p/net-snmp/code/ci/7ffb8e25a0db851953155de91f0170e9bf8c457d https://usn.ubuntu.com/3792-1 https://usn.ubuntu.com/3792-2 https://usn.ubuntu.com/3792-3 • CWE-476: NULL Pointer Dereference •
CVE-2018-1000116 – net-snmp: Heap corruption in snmp_pdu_parse function in snmplib/snmp_api.c
https://notcve.org/view.php?id=CVE-2018-1000116
NET-SNMP version 5.7.2 contains a heap corruption vulnerability in the UDP protocol handler that can result in command execution. NET-SNMP 5.7.2 contiene una vulnerabilidad de corrupción de memoria dinámica (heap) en el manipulador del protocolo UDP que puede resultar en la ejecución de comandos. It was discovered that the snmp_pdu_parse() mishandles error codes and is vulnerable to a heap corruption within the parsing of the PDU prior to the authentication process. A remote, unauthenticated attacker could use this flaw to crash snmpd or, potentially, execute arbitrary code on the system with the privileges of the user running snmpd. • https://lists.debian.org/debian-lts-announce/2018/03/msg00020.html https://sourceforge.net/p/net-snmp/bugs/2821 https://www.debian.org/security/2018/dsa-4154 https://access.redhat.com/security/cve/CVE-2018-1000116 https://bugzilla.redhat.com/show_bug.cgi?id=1552844 • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •
CVE-2015-8100 – OpenBSD net-snmp Information Disclosure
https://notcve.org/view.php?id=CVE-2015-8100
The net-snmp package in OpenBSD through 5.8 uses 0644 permissions for snmpd.conf, which allows local users to obtain sensitive community information by reading this file. El paquete net-snmp en OpenBSD hasta la versión 5.8 emplea permisos 0644 para snmpd.conf, lo que permite a usuarios locales obtener información sensible de la comunidad mediante la lectura de este archivo. OpenBSD net-snmp suffers from a credential and information disclosure vulnerability. • http://packetstormsecurity.com/files/134323/OpenBSD-net-snmp-Information-Disclosure.html http://www.openwall.com/lists/oss-security/2015/11/09/6 http://www.securitytracker.com/id/1034099 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-5621 – net-snmp 5.7.3 - (Authenticated) Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2015-5621
The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet. Vulnerabilidad en la función snmp_pdu_parse en snmp_api.c en net-snmp 5.7.2 y versiones anteriores, no elimina la variable varBind en un elemento netsnmp_variable_list cuando falla el análisis gramatical del SNMP PDU, lo que permite a atacantes remotos causar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de un paquete manipulado. It was discovered that the snmp_pdu_parse() function could leave incompletely parsed varBind variables in the list of variables. A remote, unauthenticated attacker could use this flaw to crash snmpd or, potentially, execute arbitrary code on the system with the privileges of the user running snmpd. • https://www.exploit-db.com/exploits/45547 http://lists.opensuse.org/opensuse-updates/2015-09/msg00004.html http://rhn.redhat.com/errata/RHSA-2015-1636.html http://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791 http://support.citrix.com/article/CTX209443 http://www.openwall.com/lists/oss-security/2015/04/13/1 http://www.openwall.com/lists/oss-security/2015/04/16/15 http://www.openwall.com/lists/oss-security/2015/07/31/1 http://www.securityfoc • CWE-19: Data Processing Errors CWE-665: Improper Initialization •