Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-2141

Overview

Vulnerability Score 3.5 3.5
CVE Id CVE-2012-2141
Last Modified 13 Sep 2014 01:01:53
Published 14 Aug 2012 06:55:01
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2012-2141

Summary

Array index error in the handle_nsExtendOutput2Table function in agent/mibgroup/agent/extend.c in Net-SNMP 5.7.1 allows remote authenticated users to cause a denial of service (out-of-bounds read and snmpd crash) via an SNMP GET request for an entry not in the extension table.

Vulnerable Systems

Application

  • Net-snmp 5.7.1


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=815813

XF - netsnmp-snmpget-dos(75169)

SECTRACK - 1026984

BID - 53258

BID - 53255

MLIST - [oss-security] 20120426 Re: CVE Request -- net-snmp: Array index error, leading to out-of heap-based buffer read (snmpd crash)

MLIST - [oss-security] 20120426 CVE Request -- net-snmp: Array index error, leading to out-of heap-based buffer read (snmpd crash)

SECUNIA - 48938

REDHAT - RHSA-2013:0124

CONFIRM - http://support.citrix.com/article/CTX139049

GENTOO - GLSA-201409-02

SECUNIA - 59974

Related Patches

Red Hat 2013:0124-01 RHSA Moderate: net-snmp security and bug fix update for RHEL 5 x86

Novell SUSE 2012:6517 libsnmp15 security update for SLE 11 SP1 i586

Novell SUSE 2012:6517 libsnmp15 security update for SLE 11 SP1 x86_64

Novell SUSE 2012:8153 net-snmp security update for SLE 10 SP4 i586

Novell SUSE 2012:8153 net-snmp security update for SLE 10 SP4 x86_64


Last Updated: 27 May 2016 11:06:18