ID CVE-2018-1000116
Summary NET-SNMP version 5.7.2 contains a heap corruption vulnerability in the UDP protocol handler that can result in command execution.
References
Vulnerable Configurations
  • cpe:2.3:a:net-snmp:net-snmp:5.7.2:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 24-08-2020 - 17:37)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
redhat via4
advisories
bugzilla
id 1212408
title CVE-2015-5621 net-snmp: snmp_pdu_parse() incompletely parsed varBinds left in list of variables
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 6 is installed
      oval oval:com.redhat.rhba:tst:20111656003
    • OR
      • AND
        • comment net-snmp is earlier than 1:5.5-54.el6_7.1
          oval oval:com.redhat.rhsa:tst:20151636001
        • comment net-snmp is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20131150002
      • AND
        • comment net-snmp-devel is earlier than 1:5.5-54.el6_7.1
          oval oval:com.redhat.rhsa:tst:20151636003
        • comment net-snmp-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20131150004
      • AND
        • comment net-snmp-libs is earlier than 1:5.5-54.el6_7.1
          oval oval:com.redhat.rhsa:tst:20151636005
        • comment net-snmp-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20131150006
      • AND
        • comment net-snmp-perl is earlier than 1:5.5-54.el6_7.1
          oval oval:com.redhat.rhsa:tst:20151636007
        • comment net-snmp-perl is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20131150008
      • AND
        • comment net-snmp-python is earlier than 1:5.5-54.el6_7.1
          oval oval:com.redhat.rhsa:tst:20151636009
        • comment net-snmp-python is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20131150010
      • AND
        • comment net-snmp-utils is earlier than 1:5.5-54.el6_7.1
          oval oval:com.redhat.rhsa:tst:20151636011
        • comment net-snmp-utils is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20131150012
  • AND
    • comment Red Hat Enterprise Linux 7 is installed
      oval oval:com.redhat.rhba:tst:20150364027
    • OR
      • AND
        • comment net-snmp is earlier than 1:5.7.2-20.el7_1.1
          oval oval:com.redhat.rhsa:tst:20151636014
        • comment net-snmp is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20131150002
      • AND
        • comment net-snmp-agent-libs is earlier than 1:5.7.2-20.el7_1.1
          oval oval:com.redhat.rhsa:tst:20151636015
        • comment net-snmp-agent-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20201376004
      • AND
        • comment net-snmp-devel is earlier than 1:5.7.2-20.el7_1.1
          oval oval:com.redhat.rhsa:tst:20151636017
        • comment net-snmp-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20131150004
      • AND
        • comment net-snmp-gui is earlier than 1:5.7.2-20.el7_1.1
          oval oval:com.redhat.rhsa:tst:20151636018
        • comment net-snmp-gui is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20151636019
      • AND
        • comment net-snmp-libs is earlier than 1:5.7.2-20.el7_1.1
          oval oval:com.redhat.rhsa:tst:20151636020
        • comment net-snmp-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20131150006
      • AND
        • comment net-snmp-perl is earlier than 1:5.7.2-20.el7_1.1
          oval oval:com.redhat.rhsa:tst:20151636021
        • comment net-snmp-perl is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20131150008
      • AND
        • comment net-snmp-python is earlier than 1:5.7.2-20.el7_1.1
          oval oval:com.redhat.rhsa:tst:20151636022
        • comment net-snmp-python is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20131150010
      • AND
        • comment net-snmp-sysvinit is earlier than 1:5.7.2-20.el7_1.1
          oval oval:com.redhat.rhsa:tst:20151636023
        • comment net-snmp-sysvinit is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20151636024
      • AND
        • comment net-snmp-utils is earlier than 1:5.7.2-20.el7_1.1
          oval oval:com.redhat.rhsa:tst:20151636025
        • comment net-snmp-utils is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20131150012
rhsa
id RHSA-2015:1636
released 2015-08-17
severity Moderate
title RHSA-2015:1636: net-snmp security update (Moderate)
rpms
  • net-snmp-1:5.5-54.el6_7.1
  • net-snmp-1:5.7.2-20.ael7b_1.1
  • net-snmp-1:5.7.2-20.el7_1.1
  • net-snmp-agent-libs-1:5.7.2-20.ael7b_1.1
  • net-snmp-agent-libs-1:5.7.2-20.el7_1.1
  • net-snmp-debuginfo-1:5.5-54.el6_7.1
  • net-snmp-debuginfo-1:5.7.2-20.ael7b_1.1
  • net-snmp-debuginfo-1:5.7.2-20.el7_1.1
  • net-snmp-devel-1:5.5-54.el6_7.1
  • net-snmp-devel-1:5.7.2-20.ael7b_1.1
  • net-snmp-devel-1:5.7.2-20.el7_1.1
  • net-snmp-gui-1:5.7.2-20.ael7b_1.1
  • net-snmp-gui-1:5.7.2-20.el7_1.1
  • net-snmp-libs-1:5.5-54.el6_7.1
  • net-snmp-libs-1:5.7.2-20.ael7b_1.1
  • net-snmp-libs-1:5.7.2-20.el7_1.1
  • net-snmp-perl-1:5.5-54.el6_7.1
  • net-snmp-perl-1:5.7.2-20.ael7b_1.1
  • net-snmp-perl-1:5.7.2-20.el7_1.1
  • net-snmp-python-1:5.5-54.el6_7.1
  • net-snmp-python-1:5.7.2-20.ael7b_1.1
  • net-snmp-python-1:5.7.2-20.el7_1.1
  • net-snmp-sysvinit-1:5.7.2-20.ael7b_1.1
  • net-snmp-sysvinit-1:5.7.2-20.el7_1.1
  • net-snmp-utils-1:5.5-54.el6_7.1
  • net-snmp-utils-1:5.7.2-20.ael7b_1.1
  • net-snmp-utils-1:5.7.2-20.el7_1.1
refmap via4
confirm https://sourceforge.net/p/net-snmp/bugs/2821/
debian DSA-4154
mlist [debian-lts-announce] 20180326 [SECURITY] [DLA 1317-1] net-snmp security update
Last major update 24-08-2020 - 17:37
Published 07-03-2018 - 14:29
Last modified 24-08-2020 - 17:37