Bug 668402 (CVE-2018-18065) - net-analyzer/net-snmp: NULL pointer exception causing denial of service (CVE-2018-18065)
Status: RESOLVED FIXED
Alias: CVE-2018-18065
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://dumpco.re/blog/net-snmp-5.7.3...
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2018-10-11 23:17 UTC by Vlad K.
Modified: 2020-06-13 17:18 UTC

See Also:
Package list:
Runtime testing required: ---


Description Vlad K. 2018-10-11 23:17:04 UTC
"_set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service."

* Summary from (DSA-4314-1):
  https://security-tracker.debian.org/tracker/CVE-2018-18065

* Explanation & PoC:
  https://dumpco.re/blog/net-snmp-5.7.3-remote-dos

* Upstream fix:
  https://sourceforge.net/p/net-snmp/code/ci/7ffb8e25a0db851953155de91f0170e9bf8c457d/


--

Gentoo Security Scout
Vladimir Krstulja
Comment 1 Yury German Gentoo Infrastructure gentoo-dev 2019-04-27 19:27:54 UTC
AFFECTED
========

- 5.7.3
- 5.6.2.1
- 5.5.2.1

Fixed in:
net-snmp-5.8 or apply the patches

5.8-r1 in tree, please stabilize, or advise if patches have been applied.
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-18 17:54:00 UTC
Looks like tree is now clean.
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-06-13 17:18:26 UTC
Tree clean, too long ago to be worth a GLSA.