CVSS: 6.5EPSS: 0%CPEs: 16EXPL: 2CVE-2018-18065 – net-snmp 5.7.3 - (Authenticated) Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2018-18065
_set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. _set_key en agent/helpers/table_container.c en Net-SNMP en versiones anteriores a la 5.8 tiene un error de excepción de puntero NULL que puede ser empleado por un atacante autenticado para provocar el cierre inesperado de la instancia de forma remota mediante un paquete UDP manipulado, lo que resulta en una denegación de servicio (DoS). • https://www.exploit-db.com/exploits/45547 http://www.securityfocus.com/bid/106265 https://cert-portal.siemens.com/productcert/pdf/ssa-978220.pdf https://dumpco.re/blog/net-snmp-5.7.3-remote-dos https://security.netapp.com/advisory/ntap-20181107-0001 https://security.paloaltonetworks.com/CVE-2018-18065 https://sourceforge.net/p/net-snmp/code/ci/7ffb8e25a0db851953155de91f0170e9bf8c457d https://usn.ubuntu.com/3792-1 https://usn.ubuntu.com/3792-2 https://usn.ubuntu.com/3792-3 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 1CVE-2018-18066 – net-snmp: NULL pointer exception in snmp_oid_compare in snmplib/snmp_api.c resulting in a denial of service
https://notcve.org/view.php?id=CVE-2018-18066
snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. snmp_oid_compare en snmplib/snmp_api.c en Net-SNMP en versiones anteriores a la 5.8 tiene un error de excepción de puntero NULL que puede ser empleado por un atacante no autenticado para provocar el cierre inesperado de la instancia de forma remota mediante un paquete UDP manipulado, lo que resulta en una denegación de servicio (DoS). • https://dumpco.re/blog/net-snmp-5.7.3-remote-dos https://security.netapp.com/advisory/ntap-20181107-0001 https://sourceforge.net/p/net-snmp/code/ci/7ffb8e25a0db851953155de91f0170e9bf8c457d https://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791 https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html https://access.redhat.com/security/cve/CVE-2018-18066 https://bugzilla.redhat.com/show_bug.cgi?id=1637572 • CWE-476: NULL Pointer Dereference •
CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8100 – OpenBSD net-snmp Information Disclosure
https://notcve.org/view.php?id=CVE-2015-8100
The net-snmp package in OpenBSD through 5.8 uses 0644 permissions for snmpd.conf, which allows local users to obtain sensitive community information by reading this file. El paquete net-snmp en OpenBSD hasta la versión 5.8 emplea permisos 0644 para snmpd.conf, lo que permite a usuarios locales obtener información sensible de la comunidad mediante la lectura de este archivo. OpenBSD net-snmp suffers from a credential and information disclosure vulnerability. • http://packetstormsecurity.com/files/134323/OpenBSD-net-snmp-Information-Disclosure.html http://www.openwall.com/lists/oss-security/2015/11/09/6 http://www.securitytracker.com/id/1034099 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 8%CPEs: 1EXPL: 2CVE-2015-5621 – net-snmp 5.7.3 - (Authenticated) Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2015-5621
The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet. Vulnerabilidad en la función snmp_pdu_parse en snmp_api.c en net-snmp 5.7.2 y versiones anteriores, no elimina la variable varBind en un elemento netsnmp_variable_list cuando falla el análisis gramatical del SNMP PDU, lo que permite a atacantes remotos causar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de un paquete manipulado. It was discovered that the snmp_pdu_parse() function could leave incompletely parsed varBind variables in the list of variables. A remote, unauthenticated attacker could use this flaw to crash snmpd or, potentially, execute arbitrary code on the system with the privileges of the user running snmpd. • https://www.exploit-db.com/exploits/45547 http://lists.opensuse.org/opensuse-updates/2015-09/msg00004.html http://rhn.redhat.com/errata/RHSA-2015-1636.html http://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791 http://support.citrix.com/article/CTX209443 http://www.openwall.com/lists/oss-security/2015/04/13/1 http://www.openwall.com/lists/oss-security/2015/04/16/15 http://www.openwall.com/lists/oss-security/2015/07/31/1 http://www.securityfoc • CWE-19: Data Processing Errors CWE-665: Improper Initialization •
CVSS: 5.0EPSS: 6%CPEs: 23EXPL: 1CVE-2014-3565 – net-snmp: snmptrapd crash when handling an SNMP trap containing a ifMtu with a NULL type
https://notcve.org/view.php?id=CVE-2014-3565
snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a NULL type in an ifMtu trap message. snmplib/mib.c en net-snmp 5.7.0 y anteriores, cuando la opción -OQ está utilizada, permite a atacantes remotos causar una denegación de servicio (caída de snmptrapd) a través de un mensaje trampa SNMP manipulado, lo que provoca una conversión al tipo de variable designado en el fichero MIB, tal y como fue demostrado por un tipo nulo en un mensaje trampa ifMtu. A denial of service flaw was found in the way snmptrapd handled certain SNMP traps when started with the "-OQ" option. If an attacker sent an SNMP trap containing a variable with a NULL type where an integer variable type was expected, it would cause snmptrapd to crash. • http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html http://lists.opensuse.org/opensuse-updates/2014-09/msg00013.html http://rhn.redhat.com/errata/RHSA-2015-1385.html http://sourceforge.net/p/net-snmp/code/ci/7f4a7b891332899cea26e95be0337aae01648742 http://sourceforge.net/p/net-snmp/official-patches/48 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/69477 http://www.ubuntu.com/usn/USN-2711-1 https:// • CWE-399: Resource Management Errors CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •