FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2012-2141

This CVE name corresponds to:

Entered Topic
2012-04-27 net-snmp -- Remote DoS

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2012-2141 at cve.mitre.org

Details

Type Candidate
Name CVE-2012-2141
Phase Assigned(20120404)

Description

Array index error in the handle_nsExtendOutput2Table function in agent/mibgroup/agent/extend.c in Net-SNMP 5.7.1 allows remote authenticated users to cause a denial of service (out-of-bounds read and snmpd crash) via an SNMP GET request for an entry not in the extension table.

References

Source Reference
MLIST [oss-security] 20120426 CVE Request -- net-snmp: Array index error, leading to out-of heap-based buffer read (snmpd crash)
MLIST [oss-security] 20120426 Re: CVE Request -- net-snmp: Array index error, leading to out-of heap-based buffer read (snmpd crash)
MISC https://bugzilla.redhat.com/show_bug.cgi?id=815813
CONFIRM http://support.citrix.com/article/CTX139049
GENTOO GLSA-201409-02
REDHAT RHSA-2013:0124
BID 53255
BID 53258
SECTRACK 1026984
SECUNIA 48938
SECUNIA 59974
XF netsnmp-snmpget-dos(75169)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.