SB2014092404 - Resource management error in net-snmp (Alpine package)
Published: September 24, 2014
Description
This security bulletin contains information about 1 security vulnerability.
1) Resource management error (CVE-ID: CVE-2014-3565)
The vulnerability allows a remote, unauthenticated attacker to cause a denial of service.
snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a NULL type in an ifMtu trap message.
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=952004e3925d2c79bbdc8415aeb08d9c2e57a29a
- https://git.alpinelinux.org/aports/commit/?id=5519a39fbea0572b388d500f23293d7a18304077
- https://git.alpinelinux.org/aports/commit/?id=9b367343d7bfb944d55e3ff06d61c5977f660845
- https://git.alpinelinux.org/aports/commit/?id=9c7199f968a69e8fd93d67764a2820d1eff33007