ID CVE-2014-3565
Summary snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a NULL type in an ifMtu trap message.
References
Vulnerable Configurations
  • cpe:2.3:o:apple:mac_os_x:10.11.0:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x:10.11.0:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
  • cpe:2.3:a:net-snmp:net-snmp:5.3:*:*:*:*:*:*:*
    cpe:2.3:a:net-snmp:net-snmp:5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:net-snmp:net-snmp:5.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:net-snmp:net-snmp:5.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:net-snmp:net-snmp:5.1:*:*:*:*:*:*:*
    cpe:2.3:a:net-snmp:net-snmp:5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:net-snmp:net-snmp:5.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:net-snmp:net-snmp:5.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:net-snmp:net-snmp:5.0:*:*:*:*:*:*:*
    cpe:2.3:a:net-snmp:net-snmp:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:net-snmp:net-snmp:5.3.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:net-snmp:net-snmp:5.3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:net-snmp:net-snmp:5.5:*:*:*:*:*:*:*
    cpe:2.3:a:net-snmp:net-snmp:5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:net-snmp:net-snmp:5.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:net-snmp:net-snmp:5.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:net-snmp:net-snmp:5.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:net-snmp:net-snmp:5.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:net-snmp:net-snmp:5.2:*:*:*:*:*:*:*
    cpe:2.3:a:net-snmp:net-snmp:5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:net-snmp:net-snmp:5.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:net-snmp:net-snmp:5.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:net-snmp:net-snmp:5.4:*:*:*:*:*:*:*
    cpe:2.3:a:net-snmp:net-snmp:5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:net-snmp:net-snmp:5.6:*:*:*:*:*:*:*
    cpe:2.3:a:net-snmp:net-snmp:5.6:*:*:*:*:*:*:*
  • cpe:2.3:a:net-snmp:net-snmp:5.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:net-snmp:net-snmp:5.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:net-snmp:net-snmp:5.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:net-snmp:net-snmp:5.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:net-snmp:net-snmp:5.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:net-snmp:net-snmp:5.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:net-snmp:net-snmp:5.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:net-snmp:net-snmp:5.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:net-snmp:net-snmp:5.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:net-snmp:net-snmp:5.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:net-snmp:net-snmp:5.7:*:*:*:*:*:*:*
    cpe:2.3:a:net-snmp:net-snmp:5.7:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 13-02-2023 - 00:40)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
  • bugzilla
    id 1188295
    title net-snmp snmpd fork() overhead [fix available]
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 6 is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • comment net-snmp is earlier than 1:5.5-54.el6
            oval oval:com.redhat.rhsa:tst:20151385001
          • comment net-snmp is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20131150002
        • AND
          • comment net-snmp-devel is earlier than 1:5.5-54.el6
            oval oval:com.redhat.rhsa:tst:20151385003
          • comment net-snmp-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20131150004
        • AND
          • comment net-snmp-libs is earlier than 1:5.5-54.el6
            oval oval:com.redhat.rhsa:tst:20151385005
          • comment net-snmp-libs is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20131150006
        • AND
          • comment net-snmp-perl is earlier than 1:5.5-54.el6
            oval oval:com.redhat.rhsa:tst:20151385007
          • comment net-snmp-perl is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20131150008
        • AND
          • comment net-snmp-python is earlier than 1:5.5-54.el6
            oval oval:com.redhat.rhsa:tst:20151385009
          • comment net-snmp-python is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20131150010
        • AND
          • comment net-snmp-utils is earlier than 1:5.5-54.el6
            oval oval:com.redhat.rhsa:tst:20151385011
          • comment net-snmp-utils is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20131150012
    rhsa
    id RHSA-2015:1385
    released 2015-07-20
    severity Moderate
    title RHSA-2015:1385: net-snmp security and bug fix update (Moderate)
  • bugzilla
    id 1252053
    title net-snmp does not display correct lm_sensors sensor data / missing CPU cores
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment net-snmp is earlier than 1:5.7.2-24.el7
            oval oval:com.redhat.rhsa:tst:20152345001
          • comment net-snmp is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20131150002
        • AND
          • comment net-snmp-agent-libs is earlier than 1:5.7.2-24.el7
            oval oval:com.redhat.rhsa:tst:20152345003
          • comment net-snmp-agent-libs is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20201376004
        • AND
          • comment net-snmp-devel is earlier than 1:5.7.2-24.el7
            oval oval:com.redhat.rhsa:tst:20152345005
          • comment net-snmp-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20131150004
        • AND
          • comment net-snmp-gui is earlier than 1:5.7.2-24.el7
            oval oval:com.redhat.rhsa:tst:20152345007
          • comment net-snmp-gui is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151636019
        • AND
          • comment net-snmp-libs is earlier than 1:5.7.2-24.el7
            oval oval:com.redhat.rhsa:tst:20152345009
          • comment net-snmp-libs is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20131150006
        • AND
          • comment net-snmp-perl is earlier than 1:5.7.2-24.el7
            oval oval:com.redhat.rhsa:tst:20152345011
          • comment net-snmp-perl is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20131150008
        • AND
          • comment net-snmp-python is earlier than 1:5.7.2-24.el7
            oval oval:com.redhat.rhsa:tst:20152345013
          • comment net-snmp-python is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20131150010
        • AND
          • comment net-snmp-sysvinit is earlier than 1:5.7.2-24.el7
            oval oval:com.redhat.rhsa:tst:20152345015
          • comment net-snmp-sysvinit is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151636024
        • AND
          • comment net-snmp-utils is earlier than 1:5.7.2-24.el7
            oval oval:com.redhat.rhsa:tst:20152345017
          • comment net-snmp-utils is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20131150012
    rhsa
    id RHSA-2015:2345
    released 2015-11-19
    severity Moderate
    title RHSA-2015:2345: net-snmp security and bug fix update (Moderate)
rpms
  • net-snmp-1:5.5-54.el6
  • net-snmp-debuginfo-1:5.5-54.el6
  • net-snmp-devel-1:5.5-54.el6
  • net-snmp-libs-1:5.5-54.el6
  • net-snmp-perl-1:5.5-54.el6
  • net-snmp-python-1:5.5-54.el6
  • net-snmp-utils-1:5.5-54.el6
  • net-snmp-1:5.7.2-24.el7
  • net-snmp-agent-libs-1:5.7.2-24.el7
  • net-snmp-debuginfo-1:5.7.2-24.el7
  • net-snmp-devel-1:5.7.2-24.el7
  • net-snmp-gui-1:5.7.2-24.el7
  • net-snmp-libs-1:5.7.2-24.el7
  • net-snmp-perl-1:5.7.2-24.el7
  • net-snmp-python-1:5.7.2-24.el7
  • net-snmp-sysvinit-1:5.7.2-24.el7
  • net-snmp-utils-1:5.7.2-24.el7
refmap via4
apple APPLE-SA-2015-10-21-4
bid 69477
confirm
gentoo GLSA-201507-17
suse openSUSE-SU-2014:1108
ubuntu USN-2711-1
Last major update 13-02-2023 - 00:40
Published 07-10-2014 - 14:55
Last modified 13-02-2023 - 00:40
Back to Top