Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 668402 (CVE-2018-18065)

Summary: net-analyzer/net-snmp: NULL pointer exception causing denial of service (CVE-2018-18065)
Product: Gentoo Security Reporter: Vlad K. <vk-gentoo-bugs>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: netmon
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://dumpco.re/blog/net-snmp-5.7.3-remote-dos
See Also: https://bugs.gentoo.org/show_bug.cgi?id=546792
Whiteboard: B3 [noglsa cve]
Package list:
Runtime testing required: ---

Description Vlad K. 2018-10-11 23:17:04 UTC 
"_set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service."

* Summary from (DSA-4314-1):
  https://security-tracker.debian.org/tracker/CVE-2018-18065

* Explanation & PoC:
  https://dumpco.re/blog/net-snmp-5.7.3-remote-dos

* Upstream fix:
  https://sourceforge.net/p/net-snmp/code/ci/7ffb8e25a0db851953155de91f0170e9bf8c457d/


--

Gentoo Security Scout
Vladimir Krstulja
Comment 1 Yury German Gentoo Infrastructure gentoo-dev 2019-04-27 19:27:54 UTC 
AFFECTED
========

- 5.7.3
- 5.6.2.1
- 5.5.2.1

Fixed in:
net-snmp-5.8 or apply the patches

5.8-r1 in tree, please stabilize, or advise if patches have been applied.
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-18 17:54:00 UTC 
Looks like tree is now clean.
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-06-13 17:18:26 UTC 
Tree clean, too long ago to be worth a GLSA.