FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-25 21:13:12 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description
3e0072d4-d05b-11d9-9aed-000e0c2e438a | net-snmp -- fixproc insecure temporary file creation

A Gentoo advisory reports:

Net-SNMP creates temporary files in an insecure manner, possibly allowing the execution of arbitrary code.

A malicious local attacker could exploit a race condition to change the content of the temporary files before they are executed by fixproc, possibly leading to the execution of arbitrary code. A local attacker could also create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When fixproc is executed, this would result in the file being overwritten.


Discovery 2005-05-23
Entry 2005-07-09
Modified 2005-07-13
net-snmp < 5.2.1.2

13715
CVE-2005-1740
http://security.gentoo.org/glsa/glsa-200505-18.xml
381183e8-3798-11e5-9970-14dae9d210b8 | net-snmp -- snmp_pdu_parse() function incomplete initialization

Qinghao Tang reports:

An incomplete initialization vulnerability exists in the function 'snmp_pdu_parse()' of 'snmp_api.c', and remote attackers can cause a memory leak, DoS and possible command execution by sending malicious packets.


Discovery 2015-04-11
Entry 2015-07-31
net-snmp <= 5.7.3_7

http://seclists.org/oss-sec/2015/q2/116
http://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791/
https://bugzilla.redhat.com/show_bug.cgi?id=1212408
CVE-2015-5621
5d85976a-9011-11e1-b5e0-000c299b62e1 | net-snmp -- Remote DoS

The Red Hat Security Response Team reports:

An array index error, leading to out-of heap-based buffer read flaw was found in the way the net-snmp agent performed lookups in the extension table. When certain MIB subtrees were handled by the extend directive, a remote attacker (having read privileges to the subtree) could use this flaw to cause a denial of service condition via an SNMP GET request involving a non-existent extension table entry.


Discovery 2012-04-26
Entry 2012-04-27
net-snmp < 5.7.1_7

CVE-2012-2141
https://bugzilla.redhat.com/show_bug.cgi?id=815813
http://www.openwall.com/lists/oss-security/2012/04/26/2
92f86b93-923f-11dc-a2bf-02e081235dab | net-snmp -- denial of service via GETBULK request

CVE reports:

The SNMP agent (snmp_agent.c) in net-snmp before 5.4.1 allows remote attackers to cause a denial of service (CPU and memory consumption) via a GETBULK request with a large max-repeaters value.


Discovery 2007-11-06
Entry 2007-11-13
Modified 2007-11-14
net-snmp < 5.3.1_7

CVE-2007-5846
b2a1a3b5-ed95-11d9-8310-0001020eed82 | net-snmp -- remote DoS vulnerability

A Net-SNMP release announcement reports:

A security vulnerability has been found in Net-SNMP releases that could allow a denial of service attack against Net-SNMP agents which have opened a stream based protocol (e.g., TCP but not UDP; it should be noted that Net-SNMP does not by default open a TCP port).


Discovery 2005-07-02
Entry 2005-07-05
Modified 2005-10-26
net-snmp < 5.2.1.2

14168
CVE-2005-2177
http://marc.theaimsgroup.com/?l=net-snmp-announce&m=112059518426328