Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 522062 (CVE-2014-3565) - <net-analyzer/net-snmp-5.7.3_pre5-r1: snmptrapd crashes when handling an SNMP trap containing a ifMtu with a NULL type (CVE-2014-3565)
Summary: <net-analyzer/net-snmp-5.7.3_pre5-r1: snmptrapd crashes when handling an SNMP...
Alias: CVE-2014-3565
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
Whiteboard: B3 [glsa cve]
Depends on:
Reported: 2014-09-03 14:50 UTC by Agostino Sarubbo
Modified: 2015-07-10 13:18 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2014-09-03 14:50:12 UTC
From ${URL} :

A remote denial-of-service flaw was found in the way snmptrapd handled certain SNMP traps when 
started with the "-OQ" option. If an attacker sent an SNMP trap containing a variable with a NULL 
type where an integer variable type was expected, it would cause snmptrapd to crash.

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2014-09-04 20:12:07 UTC
Arch teams, please test and mark stable:
Targeted stable KEYWORDS : alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
Comment 2 Jeroen Roovers (RETIRED) gentoo-dev 2014-09-05 18:38:29 UTC
Stable for HPPA.
Comment 3 Agostino Sarubbo gentoo-dev 2014-09-06 15:36:13 UTC
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2014-09-06 15:36:44 UTC
x86 stable
Comment 5 Markus Meier gentoo-dev 2014-09-09 19:04:00 UTC
arm stable
Comment 6 Agostino Sarubbo gentoo-dev 2014-09-13 17:35:28 UTC
alpha stable
Comment 7 Agostino Sarubbo gentoo-dev 2014-09-13 17:38:51 UTC
ia64 stable
Comment 8 Agostino Sarubbo gentoo-dev 2014-09-14 07:48:17 UTC
ppc64 stable
Comment 9 Agostino Sarubbo gentoo-dev 2014-09-14 07:51:53 UTC
ppc stable
Comment 10 Agostino Sarubbo gentoo-dev 2014-09-19 10:31:15 UTC
sparc stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 11 Yury German Gentoo Infrastructure gentoo-dev 2014-10-05 20:07:17 UTC
Arches and Maintainer(s), Thank you for your work.

GLSA Vote: Yes
Comment 12 GLSAMaker/CVETool Bot gentoo-dev 2015-01-04 00:49:24 UTC
CVE-2014-3565 (
  snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used,
  allows remote attackers to cause a denial of service (snmptrapd crash) via a
  crafted SNMP trap message, which triggers a conversion to the variable type
  designated in the MIB file, as demonstrated by a NULL type in an ifMtu trap
Comment 13 Kristian Fiskerstrand (RETIRED) gentoo-dev 2015-05-11 16:23:18 UTC
GLSA Vote: Yes, new request filed
Comment 14 GLSAMaker/CVETool Bot gentoo-dev 2015-07-10 13:18:35 UTC
This issue was resolved and addressed in
 GLSA 201507-17 at
by GLSA coordinator Mikle Kolyada (Zlogene).