Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в Net-SNMP
Опубликовано:4 мая 2014 г.
Источник:
SecurityVulns ID:13725
Тип:удаленная
Уровень опасности:
5/10
Описание:Многочисленные DoS условия.
Затронутые продукты:NETSNMP : Net-SNMP 5.5
CVE:CVE-2014-2310 (The AgentX subagent in Net-SNMP before 5.4.4 allows remote attackers to cause a denial of service (hang) by sending a multi-object request with an Object ID (OID) containing more subids than previous requests, a different vulnerability than CVE-2012-6151.)
 CVE-2014-2285 (The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows remote attackers to cause a denial of service (snmptrapd crash) via an empty community string in an SNMP trap, which triggers a NULL pointer dereference within the newSVpv function in Perl.)
 CVE-2014-2284 (The Linux implementation of the ICMP-MIB in Net-SNMP 5.5 before 5.5.2.1, 5.6.x before 5.6.2.1, and 5.7.x before 5.7.2.1 does not properly validate input, which allows remote attackers to cause a denial of service via unspecified vectors.)
 CVE-2012-6151 (Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, and hang) by causing the AgentX subagent to timeout.)
Оригинальный текстdocumentUBUNTU, [USN-2166-1] Net-SNMP vulnerabilities (04.05.2014)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород