FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

net-snmp -- Remote DoS

Affected packages
net-snmp < 5.7.1_7

Details

VuXML ID 5d85976a-9011-11e1-b5e0-000c299b62e1
Discovery 2012-04-26
Entry 2012-04-27

The Red Hat Security Response Team reports:

An array index error, leading to out-of heap-based buffer read flaw was found in the way the net-snmp agent performed lookups in the extension table. When certain MIB subtrees were handled by the extend directive, a remote attacker (having read privileges to the subntree) could use this flaw to cause a denial of service condition via an SNMP GET request involving a non-existent extension table entry.

References

CVE Name CVE-2012-2141
URL http://www.openwall.com/lists/oss-security/2012/04/26/2
URL https://bugzilla.redhat.com/show_bug.cgi?id=815813