FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-19 20:48:44 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
381183e8-3798-11e5-9970-14dae9d210b8net-snmp -- snmp_pdu_parse() function incomplete initialization

Qinghao Tang reports:

Incompletely initialized vulnerability exists in the function ‘snmp_pdu_parse()’ of ‘snmp_api.c', and remote attackers can cause memory leak, DOS and possible command executions by sending malicious packets.


Discovery 2015-04-11
Entry 2015-07-31
net-snmp
le 5.7.3_7

http://seclists.org/oss-sec/2015/q2/116
http://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791/
https://bugzilla.redhat.com/show_bug.cgi?id=1212408
CVE-2015-5621
3e0072d4-d05b-11d9-9aed-000e0c2e438anet-snmp -- fixproc insecure temporary file creation

A Gentoo advisory reports:

Net-SNMP creates temporary files in an insecure manner, possibly allowing the execution of arbitrary code.

A malicious local attacker could exploit a race condition to change the content of the temporary files before they are executed by fixproc, possibly leading to the execution of arbitrary code. A local attacker could also create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When fixproc is executed, this would result in the file being overwritten.


Discovery 2005-05-23
Entry 2005-07-09
Modified 2005-07-13
net-snmp
< 5.2.1.2

13715
CVE-2005-1740
http://security.gentoo.org/glsa/glsa-200505-18.xml
4622635f-37a1-11e5-9970-14dae9d210b8net-snmp -- snmptrapd crash

Murray McAllister reports:

A remote denial-of-service flaw was found in the way snmptrapd handled certain SNMP traps when started with the "-OQ" option. If an attacker sent an SNMP trap containing a variable with a NULL type where an integer variable type was expected, it would cause snmptrapd to crash.


Discovery 2014-07-31
Entry 2015-07-31
net-snmp
ge 5.7.0 le 5.7.2.1

ge 5.6.0 le 5.6.2.1

ge 5.5.0 le 5.5.2.1

ge 5.4.0 le 5.4.4

http://seclists.org/oss-sec/2014/q3/473
http://sourceforge.net/p/net-snmp/code/ci/7f4a7b891332899cea26e95be0337aae01648742/
https://sourceforge.net/p/net-snmp/official-patches/48/
CVE-2014-3565
5d85976a-9011-11e1-b5e0-000c299b62e1net-snmp -- Remote DoS

The Red Hat Security Response Team reports:

An array index error, leading to out-of heap-based buffer read flaw was found in the way the net-snmp agent performed lookups in the extension table. When certain MIB subtrees were handled by the extend directive, a remote attacker (having read privileges to the subntree) could use this flaw to cause a denial of service condition via an SNMP GET request involving a non-existent extension table entry.


Discovery 2012-04-26
Entry 2012-04-27
net-snmp
< 5.7.1_7

CVE-2012-2141
https://bugzilla.redhat.com/show_bug.cgi?id=815813
http://www.openwall.com/lists/oss-security/2012/04/26/2
92f86b93-923f-11dc-a2bf-02e081235dabnet-snmp -- denial of service via GETBULK request

CVE reports:

The SNMP agent (snmp_agent.c) in net-snmp before 5.4.1 allows remote attackers to cause a denial of service (CPU and memory consumption) via a GETBULK request with a large max-repeaters value.


Discovery 2007-11-06
Entry 2007-11-13
Modified 2007-11-14
net-snmp
< 5.3.1_7

CVE-2007-5846
b2a1a3b5-ed95-11d9-8310-0001020eed82net-snmp -- remote DoS vulnerability

A Net-SNMP release announcement reports:

A security vulnerability has been found in Net-SNMP releases that could allow a denial of service attack against Net-SNMP agent's which have opened a stream based protocol (EG, TCP but not UDP; it should be noted that Net-SNMP does not by default open a TCP port).


Discovery 2005-07-02
Entry 2005-07-05
Modified 2005-10-26
net-snmp
< 5.2.1.2

14168
CVE-2005-2177
http://marc.theaimsgroup.com/?l=net-snmp-announce&m=112059518426328
daf045d7-b211-11dd-a987-000c29ca8953net-snmp -- DoS for SNMP agent via crafted GETBULK request

Wes Hardaker reports through sourceforge.net forum:

SECURITY ISSUE: A bug in the getbulk handling code could let anyone with even minimal access crash the agent. If you have open access to your snmp agents (bad bad bad; stop doing that!) or if you don't trust everyone that does have access to your agents you should updated immediately to prevent potential denial of service attacks.

Description at cve.mitre.org additionally clarifies:

Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats.


Discovery 2008-10-12
Entry 2008-11-14
Modified 2009-03-23
net-snmp
gt 5.4 lt 5.4.2.1

gt 5.3 lt 5.3.2.3

CVE-2008-4309
http://sourceforge.net/forum/forum.php?forum_id=882903
http://www.openwall.com/lists/oss-security/2008/10/31/1
http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/tags/Ext-5-2-5-1/net-snmp/agent/snmp_agent.c?r1=17271&r2=17272&pathrev=17272