FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-25 21:13:12 UTC

These are the vulnerabilities relating to the commit you have selected:

VuXML ID    Description
daf045d7-b211-11dd-a987-000c29ca8953    net-snmp -- DoS for SNMP agent via crafted GETBULK request

Wes Hardaker reports through sourceforge.net forum:

SECURITY ISSUE: A bug in the getbulk handling code could let anyone with even minimal access crash the agent. If you have open access to your snmp agents (bad bad bad; stop doing that!) or if you don't trust everyone that does have access to your agents you should update immediately to prevent potential denial of service attacks.

Description at cve.mitre.org additionally clarifies:

Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats.


Discovery 2008-10-12
Entry 2008-11-14
Modified 2009-03-23
net-snmp
> 5.4, < 5.4.2.1

> 5.3, < 5.3.2.3

CVE-2008-4309
http://sourceforge.net/forum/forum.php?forum_id=882903
http://www.openwall.com/lists/oss-security/2008/10/31/1
http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/tags/Ext-5-2-5-1/net-snmp/agent/snmp_agent.c?r1=17271&r2=17272&pathrev=17272
381183e8-3798-11e5-9970-14dae9d210b8    net-snmp -- snmp_pdu_parse() function incomplete initialization

Qinghao Tang reports:

Incompletely initialized vulnerability exists in the function 'snmp_pdu_parse()' of 'snmp_api.c', and remote attackers can cause memory leak, DoS and possible command executions by sending malicious packets.


Discovery 2015-04-11
Entry 2015-07-31
net-snmp
<= 5.7.3_7

http://seclists.org/oss-sec/2015/q2/116
http://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791/
https://bugzilla.redhat.com/show_bug.cgi?id=1212408
CVE-2015-5621
92f86b93-923f-11dc-a2bf-02e081235dab    net-snmp -- denial of service via GETBULK request

CVE reports:

The SNMP agent (snmp_agent.c) in net-snmp before 5.4.1 allows remote attackers to cause a denial of service (CPU and memory consumption) via a GETBULK request with a large max-repeaters value.


Discovery 2007-11-06
Entry 2007-11-13
Modified 2007-11-14
net-snmp
< 5.3.1_7

CVE-2007-5846
5d85976a-9011-11e1-b5e0-000c299b62e1    net-snmp -- Remote DoS

The Red Hat Security Response Team reports:

An array index error, leading to out-of heap-based buffer read flaw was found in the way the net-snmp agent performed lookups in the extension table. When certain MIB subtrees were handled by the extend directive, a remote attacker (having read privileges to the subtree) could use this flaw to cause a denial of service condition via an SNMP GET request involving a non-existent extension table entry.


Discovery 2012-04-26
Entry 2012-04-27
net-snmp
< 5.7.1_7

CVE-2012-2141
https://bugzilla.redhat.com/show_bug.cgi?id=815813
http://www.openwall.com/lists/oss-security/2012/04/26/2