FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

net-snmp -- snmptrapd crash

Affected packages
5.7.0 <= net-snmp <= 5.7.2.1
5.6.0 <= net-snmp <= 5.6.2.1
5.5.0 <= net-snmp <= 5.5.2.1
5.4.0 <= net-snmp <= 5.4.4

Details

VuXML ID 4622635f-37a1-11e5-9970-14dae9d210b8
Discovery 2014-07-31
Entry 2015-07-31

Murray McAllister reports:

A remote denial-of-service flaw was found in the way snmptrapd handled certain SNMP traps when started with the "-OQ" option. If an attacker sent an SNMP trap containing a variable with a NULL type where an integer variable type was expected, it would cause snmptrapd to crash.

References

CVE Name CVE-2014-3565
URL http://seclists.org/oss-sec/2014/q3/473
URL http://sourceforge.net/p/net-snmp/code/ci/7f4a7b891332899cea26e95be0337aae01648742/
URL https://sourceforge.net/p/net-snmp/official-patches/48/
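
A triage check built from the affected ranges and the "-OQ" condition in this entry, as an added example that is not part of the VuXML entry or of net-snmp. The function names and sample command lines are constructed for illustration, acceptance of a space-separated `-O Q` is an assumption, and only plain dotted upstream versions are handled (strings with a port revision are rejected rather than guessed at; `pkg audit` remains the authoritative check for installed packages).

```python
import re
import shlex

# Inclusive affected ranges, copied from the "Affected packages" list above.
AFFECTED = [("5.7.0", "5.7.2.1"), ("5.6.0", "5.6.2.1"),
            ("5.5.0", "5.5.2.1"), ("5.4.0", "5.4.4")]


def parse_version(text):
    """Turn '5.7.2.1' into (5, 7, 2, 1), zero-padded to four components."""
    if not re.fullmatch(r"\d+(\.\d+){0,3}", text):
        raise ValueError(f"unsupported version string: {text!r}")
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def version_affected(version):
    """True if the version falls inside any range listed in the entry."""
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi) for lo, hi in AFFECTED)


def uses_OQ(cmdline):
    """True if an -O output-option cluster on the command line contains 'Q'.

    Output options can be combined in one cluster (-OnQ), so matching the
    literal string '-OQ' alone would miss some invocations.
    """
    args = shlex.split(cmdline)
    for i, arg in enumerate(args):
        if arg == "-O" and i + 1 < len(args):
            # Assumption: the option letters may follow as a separate argument.
            if "Q" in args[i + 1]:
                return True
        elif arg.startswith("-O") and "Q" in arg[2:]:
            return True
    return False


def assess(version, cmdline):
    """Combine both conditions from the entry into one triage verdict."""
    if not version_affected(version):
        return "not in affected range"
    if uses_OQ(cmdline):
        return "exposed"
    return "affected version, -OQ not set"


if __name__ == "__main__":
    # Constructed sample input.
    print(assess("5.7.2", "/usr/local/sbin/snmptrapd -OQ -Lsd"))
```

Only the command line is inspected; the verdict says nothing about options set elsewhere.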