Re: CVE Request -- net-snmp: Array index error, leading to out-of heap-based buffer read (snmpd crash)

[Kurt Seifried <kseifried () redhat com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04/26/2012 05:23 AM, Jan Lieskovsky wrote:
> Hello Kurt, Steve, vendors,
>
> an array index error, leading to out-of heap-based buffer read
> flaw was found in the way net-snmp agent performed entries lookup
> in the extension table. When certain MIB subtree was handled by the
> extend directive, a remote attacker having read privilege to the
> subtree could use this flaw to cause a denial of service (snmpd
> crash) via SNMP GET request involving a non-existent extension 
> table entry.
>
> References: [1] https://bugzilla.redhat.com/show_bug.cgi?id=815813
>
> Could you allocate a CVE id for this?

Please use CVE-2012-2141 for this issue.

> Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat
> Security Response Team


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPmWw2AAoJEBYNRVNeJnmTZRkQALNCqp/jV5VOiC2+MGnXgvxp
ZPFY7RZ1oCUvJ/A7XIfaJZ9ark8gQjqxwZP1MbG4rR3RzjfCzg1tL4OSyxvig2PK
g/yprHw837sauFuill+A+2pPrTx8A9xqehGWgJzSJUHdjhgmhV+FN4CN13WGBpJo
jk6yVmEJDsKSloHSeO78Z8yV4cGYO/XdUkWUpU9N+zaNBco5nGQCR+Hd/Ny59MNS
1byWgoGczkmexZtoIMAJGxoW4baYhjemzNvv4x7hIb2ttL3IW2UTwq2BCee1Udx7
wpovVy899PJ2qsFDVuiylGniHcK+QwOVMzdVRyWZlHNRv40KpINFFrjm9oGb2Ewt
X0tKZfoZcbz9ad7PV/MQLYyu2R3mMXPFDx/a0wXMXyQs3LJ2B0dgHjqg6noepqJk
MCftVMIUuzsU9PcTIL78w3g0JVFmk1KZOsPj1DY+zAP0qg7oDN/eOkIf8L2k28//
ny+85VQBz1AXU37Hp9L0daGGOOuDg7lBinVA+aXNEPvFGr4SpD95lfmO1kkfFpeQ
2dabg/GBVJQjppzLEC/3U7h9QQV25hE0eqJL4BWLveNZfCLZhW4zIcLJXsUECinY
2QYyZcPC9zyBHRiiWaJAaD13yvMXA4ynQeKuiWUCXVdpEFmVXxCgNCiwJSNlwYdF
F5sn+Mo8VNctTgSPundu
=rlKK
-----END PGP SIGNATURE-----