Page 4 of 27 results (0.011 seconds)

CVSS: 4.3EPSS: 1%CPEs: 1EXPL: 0

CVE-2014-2285 – net-snmp: snmptrapd crash when using a trap with empty community string

https://notcve.org/view.php?id=CVE-2014-2285

The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows remote attackers to cause a denial of service (snmptrapd crash) via an empty community string in an SNMP trap, which triggers a NULL pointer dereference within the newSVpv function in Perl. La función perl_trapd_handler en perl/TrapReceiver/TrapReceiver.xs en Net-SNMP 5.7.3.pre3 y anteriores, cuando utiliza ciertas versiones Perl, permite a atacantes remotos causar una denegación de servicio (caída de snmptrapd) a través de una cadena de comunidad vacía en una trampa SNMP, lo que provoca una referencia a puntero nulo dentro de la función newSVpv en Perl. • http://comments.gmane.org/gmane.comp.security.oss.general/12284 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://lists.opensuse.org/opensuse-updates/2014-03/msg00060.html http://lists.opensuse.org/opensuse-updates/2014-03/msg00061.html http://secunia.com/advisories/59974 http://sourceforge.net/p/net-snmp/patches/1275 http://www.gentoo.org/security/en/glsa/glsa-201409-02.xml http://www.nntp.perl.org/group/perl.perl5.porters/2006/09/msg116250.html https:/ • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 13%CPEs: 25EXPL: 3

CVE-2012-6151 – Net-SNMP - SNMPD AgentX Subagent Timeout Denial of Service

https://notcve.org/view.php?id=CVE-2012-6151

Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, and hang) by causing the AgentX subagent to timeout. Net-SNMP 5.7.1 y anteriores, cuando AgentX está registrando para manejar una MIB y tramitación de solicitudes de GETNEXT, permite a atacantes remotos provocar una denegación de servicio (caída o bucle infinito, consumo de CPU, y bloqueo) causando timeout en el subagente AgentX • https://www.exploit-db.com/exploits/38854 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html http://seclists.org/oss-sec/2013/q4/398 http://seclists.org/oss-sec/2013/q4/415 http://secunia.com/advisories/55804 http://secunia.com/advisories/57870 http://secunia.com/advisories/59974 http://sourceforge.net/p/net-snmp/bugs/2411 http://www.gentoo.org/security/en/glsa/glsa-201409-02& • CWE-399: Resource Management Errors •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0

CVE-2009-1887 – net-snmp: DoS (division by zero) via SNMP GetBulk requests

https://notcve.org/view.php?id=CVE-2009-1887

agent/snmp_agent.c in snmpd in net-snmp 5.0.9 in Red Hat Enterprise Linux (RHEL) 3 allows remote attackers to cause a denial of service (daemon crash) via a crafted SNMP GETBULK request that triggers a divide-by-zero error. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-4309. agent/snmp_agent.c en snmpd en net-snmp 5.0.9 en Red Hat Enterprise Linux (RHEL) 3 permite a atacantes remotos provocar una denegación de servicio (caída del demonio) mediante una petición SNMP GETBULK manipulada que dispara un error de división por 0. NOTA: esta vulnerabilidad existe debido a una corrección incorrecta para CVE-2008-4309. • http://www.mandriva.com/security/advisories?name=MDVSA-2009:156 http://www.redhat.com/support/errata/RHSA-2009-1124.html https://bugzilla.redhat.com/show_bug.cgi?id=506903 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8426 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9716 https://access.redhat.com/security/cve/CVE-2009-1887 • CWE-369: Divide By Zero •

CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 1

CVE-2008-6123 – net-snmp: incorrect application of hosts access restrictions in hosts.{allow,deny}

https://notcve.org/view.php?id=CVE-2008-6123

The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to "source/destination IP address confusion." La función netsnmp_udp_fmtaddr (snmplib/snmpUDPDomain.c) en net-snmp v5.0.9 hasta v5.4.2, cuando usando TCP wrappers para autorización de clientes, no analiza apropiadamente reglas hosts.allow, lo que permite a los atacantes remotos evitar restricciones de accesos intencionados y ejecuta consultas SNMP, relativas a "direcciones IP fuente/destino confusas". • http://bugs.gentoo.org/show_bug.cgi?id=250429 http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00003.html http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/trunk/net-snmp/snmplib/snmpUDPDomain.c?r1=17325&r2=17367&pathrev=17367 http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&revision=17367 http://secunia.com/adviso • CWE-863: Incorrect Authorization •

CVSS: 5.0EPSS: 4%CPEs: 3EXPL: 0

CVE-2008-4309 – net-snmp: numresponses calculation integer overflow in snmp_agent.c

https://notcve.org/view.php?id=CVE-2008-4309

Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats. El código getbulk en net-snmp 5.4 antes de v5.4.2.1, 5.3 antes de v5.3.2.3, y 5.2 antes de v5.2.5.1 permite a atacantes remotos provocar una denegación de servicio (caída) mediante vectores relacionados con el número de respuestas o repeticiones. • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://lists.apple.com/archives/security-announce/2010//Dec/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html http://marc.info/?l=bugtraq&m=125017764422557&w=2 http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/tags/Ext-5-2-5-1/net-snmp/agent/snmp_agent.c?r1=17271&r2=17272&pathrev=17272 http://secunia.com/advisories/32539 http://secunia.com/advisories/32560 http • CWE-20: Improper Input Validation CWE-190: Integer Overflow or Wraparound •