CVE-2014-3565

Published: Oct 7, 2014Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a NULL type in an ifMtu trap message.

Affected (23)

Products: Apple: Mac Os X · Canonical: Ubuntu Linux · Net Snmp: Net Snmp

1 product

1 product

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Apple Mac Os X	Version 10.11.0
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 15.04

Configuration B

19 vulnerable

Vulnerable Software	Affected Versions
Net Snmp Net Snmp	Up to 5.7.0
Net Snmp Net Snmp	Version 5.0.1
Net Snmp Net Snmp	Version 5.0.2
Net Snmp Net Snmp	Version 5.0.3
Net Snmp Net Snmp	Version 5.0.4
Net Snmp Net Snmp	Version 5.0.5
Net Snmp Net Snmp	Version 5.0.6
Net Snmp Net Snmp	Version 5.0.7
Net Snmp Net Snmp	Version 5.0.8
Net Snmp Net Snmp	Version 5.0.9
Net Snmp Net Snmp	Version 5.0
Net Snmp Net Snmp	Version 5.1.2
Net Snmp Net Snmp	Version 5.1
Net Snmp Net Snmp	Version 5.2
Net Snmp Net Snmp	Version 5.3.0.1
Net Snmp Net Snmp	Version 5.3
Net Snmp Net Snmp	Version 5.4
Net Snmp Net Snmp	Version 5.5
Net Snmp Net Snmp	Version 5.6

Related CWEs

References (22)

http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html

Source: secalert@redhat.com

Vendor Advisory

http://lists.opensuse.org/opensuse-updates/2014-09/msg00013.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2015-1385.html

Source: secalert@redhat.com

http://sourceforge.net/p/net-snmp/code/ci/7f4a7b891332899cea26e95be0337aae01648742/

Source: secalert@redhat.com

Exploit

http://sourceforge.net/p/net-snmp/official-patches/48/

Source: secalert@redhat.com

Patch

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

Source: secalert@redhat.com

http://www.securityfocus.com/bid/69477

Source: secalert@redhat.com

http://www.ubuntu.com/usn/USN-2711-1

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1125155

Source: secalert@redhat.com

https://security.gentoo.org/glsa/201507-17

Source: secalert@redhat.com

https://support.apple.com/HT205375

Source: secalert@redhat.com

Vendor Advisory

http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://lists.opensuse.org/opensuse-updates/2014-09/msg00013.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2015-1385.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://sourceforge.net/p/net-snmp/code/ci/7f4a7b891332899cea26e95be0337aae01648742/

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://sourceforge.net/p/net-snmp/official-patches/48/

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/69477

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-2711-1

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=1125155

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/201507-17

Source: af854a3a-2127-422b-91ae-364da2661108

https://support.apple.com/HT205375

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.