UBUNTU-CVE-2014-3565

snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a NULL type in an ifMtu trap message.

References

Affected packages

Ubuntu:14.04:LTS / net-snmp

Package

Name: net-snmp
Purl: pkg:deb/ubuntu/net-snmp@5.7.2~dfsg-8.1ubuntu3.1?arch=source&distro=trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.7.2~dfsg-8.1ubuntu3.1

Affected versions

5.*

5.7.2~dfsg-8ubuntu1

5.7.2~dfsg-8ubuntu2

5.7.2~dfsg-8.1ubuntu1

5.7.2~dfsg-8.1ubuntu2

5.7.2~dfsg-8.1ubuntu3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libsnmp-base",
            "binary_version": "5.7.2~dfsg-8.1ubuntu3.1"
        },
        {
            "binary_name": "libsnmp-dev",
            "binary_version": "5.7.2~dfsg-8.1ubuntu3.1"
        },
        {
            "binary_name": "libsnmp-perl",
            "binary_version": "5.7.2~dfsg-8.1ubuntu3.1"
        },
        {
            "binary_name": "libsnmp30",
            "binary_version": "5.7.2~dfsg-8.1ubuntu3.1"
        },
        {
            "binary_name": "python-netsnmp",
            "binary_version": "5.7.2~dfsg-8.1ubuntu3.1"
        },
        {
            "binary_name": "snmp",
            "binary_version": "5.7.2~dfsg-8.1ubuntu3.1"
        },
        {
            "binary_name": "snmpd",
            "binary_version": "5.7.2~dfsg-8.1ubuntu3.1"
        },
        {
            "binary_name": "tkmib",
            "binary_version": "5.7.2~dfsg-8.1ubuntu3.1"
        }
    ],
    "availability": "No subscription required"
}