#2363 CVE-2012-2141 Array index error leading to crash

Status: closed
Owner: nobody
Labels: security (20)
Priority: 5
Updated: 2012-11-08
Created: 2012-05-14
Private: No

Quoting from http://www.openwall.com/lists/oss-security/2012/04/26/2:

"An array index error, leading to out-of heap-based buffer read flaw was found
in the way net-snmp agent performed entries lookup in the extension table. When
certain MIB subtree was handled by the extend directive, a remote attacker
having read privilege to the subtree could use this flaw to cause a denial of
service (snmpd crash) via SNMP GET request involving a non-existent extension
table entry."

Candidate fix available at https://bugzilla.redhat.com/show_bug.cgi?id=815813#c8
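
An added illustration, not net-snmp's code and not the candidate fix linked above: the class of defect the advisory describes is avoided by treating a missing entry as "no such instance" and checking a request-derived index at both ends before the array is read. The struct, table and function names are hypothetical and the table data is constructed.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical, simplified model of an "extend"-style table: each entry is a
 * named command whose output is cached as an array of lines. */
struct ext_entry {
    const char  *token;     /* entry name from the agent configuration */
    const char **lines;     /* cached output lines (heap-backed in a real agent) */
    size_t       numlines;  /* number of valid elements in lines[] */
};

/* Constructed sample data. */
static const char *uptime_lines[] = { "up 3 days", "load 0.10" };
static const struct ext_entry ext_table[] = {
    { "uptime", uptime_lines, 2 },
    { "empty",  NULL,         0 },
};
#define EXT_COUNT (sizeof ext_table / sizeof ext_table[0])

/* Exact-length match so a prefix of a real name does not resolve to it. */
static const struct ext_entry *ext_find(const char *token, size_t token_len)
{
    for (size_t i = 0; i < EXT_COUNT; i++) {
        if (strlen(ext_table[i].token) == token_len &&
            memcmp(ext_table[i].token, token, token_len) == 0)
            return &ext_table[i];
    }
    return NULL;  /* non-existent entry */
}

/* token and line_idx come from the request and are untrusted.
 * line_idx is the 1-based row number. Returns NULL when the request names
 * nothing that exists, so the caller can answer "no such instance". */
const char *ext_get_line(const char *token, size_t token_len, long line_idx)
{
    const struct ext_entry *e = ext_find(token, token_len);

    if (e == NULL || e->lines == NULL)
        return NULL;
    /* Validate both ends of the range before indexing. */
    if (line_idx < 1 || (unsigned long)line_idx > e->numlines)
        return NULL;
    return e->lines[line_idx - 1];
}
```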

Discussion

  • Robert Story
    2012-05-15

    Thanks for the bug report!
    We've fixed the problem in the 5.4.x, 5.5.x, 5.6.x and 5.7.x code branches and the main development tree, so it should be fixed in future releases of the Net-SNMP package.