CVE-2014-3565
07.10.2014, 14:55
snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a NULL type in an ifMtu trap message.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| apple | mac_os_x | 10.11.0 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 15.04 |
| net-snmp | net-snmp | 𝑥 ≤ 5.7.0 |
| net-snmp | net-snmp | 5.0 |
| net-snmp | net-snmp | 5.0.1 |
| net-snmp | net-snmp | 5.0.2 |
| net-snmp | net-snmp | 5.0.3 |
| net-snmp | net-snmp | 5.0.4 |
| net-snmp | net-snmp | 5.0.5 |
| net-snmp | net-snmp | 5.0.6 |
| net-snmp | net-snmp | 5.0.7 |
| net-snmp | net-snmp | 5.0.8 |
| net-snmp | net-snmp | 5.0.9 |
| net-snmp | net-snmp | 5.1 |
| net-snmp | net-snmp | 5.1.2 |
| net-snmp | net-snmp | 5.2 |
| net-snmp | net-snmp | 5.3 |
| net-snmp | net-snmp | 5.3.0.1 |
| net-snmp | net-snmp | 5.4 |
| net-snmp | net-snmp | 5.5 |
| net-snmp | net-snmp | 5.6 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| libsnmp30 |
| ||||||||||
| libsnmp30-32bit |
| ||||||||||
| net-snmp |
| ||||||||||
| perl-SNMP |
| ||||||||||
| snmp-mibs |
|
Red Hat Enterprise Linux Releases
Red Hat Product | |||||
|---|---|---|---|---|---|
| net-snmp |
| ||||
| net-snmp-agent-libs |
| ||||
| net-snmp-devel |
| ||||
| net-snmp-gui |
| ||||
| net-snmp-libs |
| ||||
| net-snmp-perl |
| ||||
| net-snmp-python |
| ||||
| net-snmp-sysvinit |
| ||||
| net-snmp-utils |
|
Common Weakness Enumeration
References