oss-sec mailing list archives
Re: CVE Request -- net-snmp: Array index error, leading to out-of heap-based buffer read (snmpd crash)
From: Kurt Seifried <kseifried () redhat com>
Date: Thu, 26 Apr 2012 09:39:34 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 04/26/2012 05:23 AM, Jan Lieskovsky wrote:
Hello Kurt, Steve, vendors, an array index error, leading to out-of heap-based buffer read flaw was found in the way net-snmp agent performed entries lookup in the extension table. When certain MIB subtree was handled by the extend directive, a remote attacker having read privilege to the subtree could use this flaw to cause a denial of service (snmpd crash) via SNMP GET request involving a non-existent extension table entry. References: [1] https://bugzilla.redhat.com/show_bug.cgi?id=815813 Could you allocate a CVE id for this?
Please use CVE-2012-2141 for this issue.
Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
- -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJPmWw2AAoJEBYNRVNeJnmTZRkQALNCqp/jV5VOiC2+MGnXgvxp ZPFY7RZ1oCUvJ/A7XIfaJZ9ark8gQjqxwZP1MbG4rR3RzjfCzg1tL4OSyxvig2PK g/yprHw837sauFuill+A+2pPrTx8A9xqehGWgJzSJUHdjhgmhV+FN4CN13WGBpJo jk6yVmEJDsKSloHSeO78Z8yV4cGYO/XdUkWUpU9N+zaNBco5nGQCR+Hd/Ny59MNS 1byWgoGczkmexZtoIMAJGxoW4baYhjemzNvv4x7hIb2ttL3IW2UTwq2BCee1Udx7 wpovVy899PJ2qsFDVuiylGniHcK+QwOVMzdVRyWZlHNRv40KpINFFrjm9oGb2Ewt X0tKZfoZcbz9ad7PV/MQLYyu2R3mMXPFDx/a0wXMXyQs3LJ2B0dgHjqg6noepqJk MCftVMIUuzsU9PcTIL78w3g0JVFmk1KZOsPj1DY+zAP0qg7oDN/eOkIf8L2k28// ny+85VQBz1AXU37Hp9L0daGGOOuDg7lBinVA+aXNEPvFGr4SpD95lfmO1kkfFpeQ 2dabg/GBVJQjppzLEC/3U7h9QQV25hE0eqJL4BWLveNZfCLZhW4zIcLJXsUECinY 2QYyZcPC9zyBHRiiWaJAaD13yvMXA4ynQeKuiWUCXVdpEFmVXxCgNCiwJSNlwYdF F5sn+Mo8VNctTgSPundu =rlKK -----END PGP SIGNATURE-----
Current thread:
- CVE Request -- net-snmp: Array index error, leading to out-of heap-based buffer read (snmpd crash) Jan Lieskovsky (Apr 26)
- Re: CVE Request -- net-snmp: Array index error, leading to out-of heap-based buffer read (snmpd crash) Kurt Seifried (Apr 26)