FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-25 21:13:12 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID  Description
daf045d7-b211-11dd-a987-000c29ca8953  net-snmp -- DoS for SNMP agent via crafted GETBULK request

Wes Hardaker reports through sourceforge.net forum:

SECURITY ISSUE: A bug in the getbulk handling code could let anyone with even minimal access crash the agent. If you have open access to your snmp agents (bad bad bad; stop doing that!) or if you don't trust everyone that does have access to your agents you should update immediately to prevent potential denial of service attacks.

Description at cve.mitre.org additionally clarifies:

Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats.


Discovery 2008-10-12
Entry 2008-11-14
Modified 2009-03-23
net-snmp
gt 5.4 lt 5.4.2.1

gt 5.3 lt 5.3.2.3

CVE-2008-4309
http://sourceforge.net/forum/forum.php?forum_id=882903
http://www.openwall.com/lists/oss-security/2008/10/31/1
http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/tags/Ext-5-2-5-1/net-snmp/agent/snmp_agent.c?r1=17271&r2=17272&pathrev=17272
4622635f-37a1-11e5-9970-14dae9d210b8  net-snmp -- snmptrapd crash

Murray McAllister reports:

A remote denial-of-service flaw was found in the way snmptrapd handled certain SNMP traps when started with the "-OQ" option. If an attacker sent an SNMP trap containing a variable with a NULL type where an integer variable type was expected, it would cause snmptrapd to crash.


Discovery 2014-07-31
Entry 2015-07-31
net-snmp
ge 5.7.0 le 5.7.2.1

ge 5.6.0 le 5.6.2.1

ge 5.5.0 le 5.5.2.1

ge 5.4.0 le 5.4.4

http://seclists.org/oss-sec/2014/q3/473
http://sourceforge.net/p/net-snmp/code/ci/7f4a7b891332899cea26e95be0337aae01648742/
https://sourceforge.net/p/net-snmp/official-patches/48/
CVE-2014-3565
5d85976a-9011-11e1-b5e0-000c299b62e1  net-snmp -- Remote DoS

The Red Hat Security Response Team reports:

An array index error, leading to out-of heap-based buffer read flaw was found in the way the net-snmp agent performed lookups in the extension table. When certain MIB subtrees were handled by the extend directive, a remote attacker (having read privileges to the subtree) could use this flaw to cause a denial of service condition via an SNMP GET request involving a non-existent extension table entry.


Discovery 2012-04-26
Entry 2012-04-27
net-snmp
< 5.7.1_7

CVE-2012-2141
https://bugzilla.redhat.com/show_bug.cgi?id=815813
http://www.openwall.com/lists/oss-security/2012/04/26/2
381183e8-3798-11e5-9970-14dae9d210b8  net-snmp -- snmp_pdu_parse() function incomplete initialization

Qinghao Tang reports:

Incompletely initialized vulnerability exists in the function 'snmp_pdu_parse()' of 'snmp_api.c', and remote attackers can cause memory leak, DOS and possible command executions by sending malicious packets.


Discovery 2015-04-11
Entry 2015-07-31
net-snmp
le 5.7.3_7

http://seclists.org/oss-sec/2015/q2/116
http://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791/
https://bugzilla.redhat.com/show_bug.cgi?id=1212408
CVE-2015-5621