~ubuntu-security/ubuntu-cve-tracker/master

PublicDateAtUSN: 2014-03-05
Candidate: CVE-2014-2285
PublicDate: 2014-04-27
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2285
 http://www.openwall.com/lists/oss-security/2014/03/05/2
 http://www.ubuntu.com/usn/usn-2166-1
Description:
 The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in
 Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows
 remote attackers to cause a denial of service (snmptrapd crash) via an
 empty community string in an SNMP trap, which triggers a NULL pointer
 dereference within the newSVpv function in Perl.
Ubuntu-Description:
Notes:
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=1072778
 https://bugzilla.redhat.com/show_bug.cgi?id=1072044
 http://sourceforge.net/p/net-snmp/patches/1275/
Priority: medium
Discovered-by: Viliam Púčik
Assigned-to: mdeslaur

Patches_net-snmp:
 upstream: http://sourceforge.net/p/net-snmp/code/ci/76e8d6d100320629d8a23be4b0128619600c919d/
upstream_net-snmp: needed
lucid_net-snmp: released (5.4.2.1~dfsg0ubuntu1-0ubuntu2.3)
precise_net-snmp: released (5.4.3~dfsg-2.4ubuntu1.2)
quantal_net-snmp: released (5.4.3~dfsg-2.5ubuntu1.1)
saucy_net-snmp: released (5.7.2~dfsg-8ubuntu1.1)
devel_net-snmp: released (5.7.2~dfsg-8.1ubuntu3)