1. CVE-Search
  2. CVE-2012-2141
ID CVE-2012-2141
Summary Array index error in the handle_nsExtendOutput2Table function in agent/mibgroup/agent/extend.c in Net-SNMP 5.7.1 allows remote authenticated users to cause a denial of service (out-of-bounds read and snmpd crash) via an SNMP GET request for an entry not in the extension table.
References
Vulnerable Configurations
  • cpe:2.3:a:net-snmp:net-snmp:5.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:net-snmp:net-snmp:5.7.1:*:*:*:*:*:*:*
CVSS
Base: 3.5 (as of 29-08-2017 - 01:31)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM SINGLE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:S/C:N/I:N/A:P
redhat via4
advisories
  • bugzilla
    id 822480
    title move /var/lib/net-snmp from net-snmp to net-snmp-libs
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 6 is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • comment net-snmp is earlier than 1:5.5-41.el6
            oval oval:com.redhat.rhsa:tst:20120876001
          • comment net-snmp is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20131150002
        • AND
          • comment net-snmp-devel is earlier than 1:5.5-41.el6
            oval oval:com.redhat.rhsa:tst:20120876003
          • comment net-snmp-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20131150004
        • AND
          • comment net-snmp-libs is earlier than 1:5.5-41.el6
            oval oval:com.redhat.rhsa:tst:20120876005
          • comment net-snmp-libs is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20131150006
        • AND
          • comment net-snmp-perl is earlier than 1:5.5-41.el6
            oval oval:com.redhat.rhsa:tst:20120876007
          • comment net-snmp-perl is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20131150008
        • AND
          • comment net-snmp-python is earlier than 1:5.5-41.el6
            oval oval:com.redhat.rhsa:tst:20120876009
          • comment net-snmp-python is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20131150010
        • AND
          • comment net-snmp-utils is earlier than 1:5.5-41.el6
            oval oval:com.redhat.rhsa:tst:20120876011
          • comment net-snmp-utils is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20131150012
    rhsa
    id RHSA-2012:0876
    released 2012-06-19
    severity Moderate
    title RHSA-2012:0876: net-snmp security and bug fix update (Moderate)
  • bugzilla
    id 840861
    title cannot bind to the specified port
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • comment net-snmp is earlier than 1:5.3.2.2-20.el5
            oval oval:com.redhat.rhsa:tst:20130124001
          • comment net-snmp is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20071045013
        • AND
          • comment net-snmp-devel is earlier than 1:5.3.2.2-20.el5
            oval oval:com.redhat.rhsa:tst:20130124003
          • comment net-snmp-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20071045015
        • AND
          • comment net-snmp-libs is earlier than 1:5.3.2.2-20.el5
            oval oval:com.redhat.rhsa:tst:20130124005
          • comment net-snmp-libs is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20071045017
        • AND
          • comment net-snmp-perl is earlier than 1:5.3.2.2-20.el5
            oval oval:com.redhat.rhsa:tst:20130124007
          • comment net-snmp-perl is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20071045019
        • AND
          • comment net-snmp-utils is earlier than 1:5.3.2.2-20.el5
            oval oval:com.redhat.rhsa:tst:20130124009
          • comment net-snmp-utils is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20071045021
    rhsa
    id RHSA-2013:0124
    released 2013-01-08
    severity Moderate
    title RHSA-2013:0124: net-snmp security and bug fix update (Moderate)
rpms
  • net-snmp-1:5.5-41.el6
  • net-snmp-debuginfo-1:5.5-41.el6
  • net-snmp-devel-1:5.5-41.el6
  • net-snmp-libs-1:5.5-41.el6
  • net-snmp-perl-1:5.5-41.el6
  • net-snmp-python-1:5.5-41.el6
  • net-snmp-utils-1:5.5-41.el6
  • net-snmp-1:5.3.2.2-20.el5
  • net-snmp-debuginfo-1:5.3.2.2-20.el5
  • net-snmp-devel-1:5.3.2.2-20.el5
  • net-snmp-libs-1:5.3.2.2-20.el5
  • net-snmp-perl-1:5.3.2.2-20.el5
  • net-snmp-utils-1:5.3.2.2-20.el5
refmap via4
bid
  • 53255
  • 53258
confirm http://support.citrix.com/article/CTX139049
gentoo GLSA-201409-02
misc https://bugzilla.redhat.com/show_bug.cgi?id=815813
mlist
  • [oss-security] 20120426 CVE Request -- net-snmp: Array index error, leading to out-of heap-based buffer read (snmpd crash)
  • [oss-security] 20120426 Re: CVE Request -- net-snmp: Array index error, leading to out-of heap-based buffer read (snmpd crash)
sectrack 1026984
secunia
  • 48938
  • 59974
xf netsnmp-snmpget-dos(75169)
Last major update 29-08-2017 - 01:31
Published 14-08-2012 - 22:55
Last modified 29-08-2017 - 01:31
Back to Top