Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2014-2285
Last Modified: 13 Sep 2014 01:25:27
Published: 27 Apr 2014 06:55:05
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2014-2285

Summary

The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows remote attackers to cause a denial of service (snmptrapd crash) via an empty community string in an SNMP trap, which triggers a NULL pointer dereference within the newSVpv function in Perl.

Vulnerable Systems

Application

  • Net-snmp 5.7.3


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1072778

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1072044

MISC - http://www.nntp.perl.org/group/perl.perl5.porters/2006/09/msg116250.html

CONFIRM - http://sourceforge.net/p/net-snmp/patches/1275/

SUSE - openSUSE-SU-2014:0399

SUSE - openSUSE-SU-2014:0398

MLIST - [oss-security] 20140305 CVE request for two net-snmp remote DoS flaws

REDHAT - RHSA-2014:0322

GENTOO - GLSA-201409-02

SECUNIA - 59974


Last Updated: 27 May 2016 11:06:18