Denial of service vulnerabilities in Net-snmp



Published: 2018-10-11
Risk Low
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2018-18066
CVE-2018-18065
CWE-ID CWE-476
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Net-snmp
Server applications / Remote management servers, RDP, SSH

Vendor net-snmp.sourceforge.net

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Null pointer dereference

EUVDB-ID: #VU15321

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-18066

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The vulnerability exists in the snmp_oid_compare() function, as defined in the snmplib/snmp_api.c source code file due to a NULL pointer exception bug. A remote attacker can send a malicious UDP packet, trigger a NULL pointer dereference condition, cause the application to crash.

Mitigation

Update to version 5.8.

Vulnerable software versions

Net-snmp: 5.0 - 5.7.3

External links

http://dumpco.re/blog/net-snmp-5.7.3-remote-dos


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Null pointer dereference

EUVDB-ID: #VU15322

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-18065

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The vulnerability exists  in the _set_key() function, as defined in the agent/helpers/table_container.c source code file due to a NULL pointer exception bug. A remote attacker can send a malicious UDP packet, trigger a NULL pointer dereference condition, cause the application to crash.

Mitigation

Update to version 5.8.

Vulnerable software versions

Net-snmp: 5.0 - 5.7.3

External links

http://dumpco.re/blog/net-snmp-5.7.3-remote-dos


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###