oss-sec mailing list archives

CVE Request -- net-snmp: Array index error, leading to out-of heap-based buffer read (snmpd crash)

From: Jan Lieskovsky <jlieskov () redhat com>
Date: Thu, 26 Apr 2012 13:23:08 +0200

Hello Kurt, Steve, vendors,

  an array index error, leading to out-of heap-based buffer read flaw was found
in the way net-snmp agent performed entries lookup in the extension table. When
certain MIB subtree was handled by the extend directive, a remote attacker
having read privilege to the subtree could use this flaw to cause a denial of
service (snmpd crash) via SNMP GET request involving a non-existent extension
table entry.

References:
[1] https://bugzilla.redhat.com/show_bug.cgi?id=815813

Could you allocate a CVE id for this?

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Current thread:

CVE Request -- net-snmp: Array index error, leading to out-of heap-based buffer read (snmpd crash) Jan Lieskovsky (Apr 26)
- Re: CVE Request -- net-snmp: Array index error, leading to out-of heap-based buffer read (snmpd crash) Kurt Seifried (Apr 26)