oss-sec mailing list archives
Re: net-snmp 5.7.3 unauthenticated remote Denial of Service (exploit available)
From: Magnus Klaaborg Stubman <magnus () stubman eu>
Date: Wed, 10 Oct 2018 08:38:50 +0200
Hi guys, Yesterday I submitted a change request asking MITRE to mark CVE-2018-18066 as a duplicate of CVE-2015-5621. Thank you for bringing the issue to my attention! Magnus
On 9 Oct 2018, at 11.21, Salvatore Bonaccorso <carnil () debian org> wrote: Hi, On Tue, Oct 09, 2018 at 12:31:32AM +0200, Alexander Bergmann wrote:Hi Magnus, thanks for your report. I can reproduce VULN#2 (CVE-2018-18065) with our net-snmp-5.7.3 version (sle12/sle15). Our net-snmp-5.4.2.1 version seams to be unaffected. Regarding your VULN#1 (CVE-2018-18066) I noticed that the patch was already applied to our code base and CVE-2015-5621 was assigned. The issue was already mentioned here at oss-security. https://www.openwall.com/lists/oss-security/2015/07/31/1 I didn't check the details yet, but if the new CVE is a duplicate, please contact NIST about it.Is it actually the same issue? I'm asking because for instance, there was indeed earlier CVE-2015-5621 and CVE-2018-1000116, which both were adressed with this same commit, but are considered two separate issues. So if CVE-2018-18066 is different from CVE-2015-5621 or CVE-2018-1000116, the assignment would not be a duplicate. Regards, Salvatore
Current thread:
- net-snmp 5.7.3 unauthenticated remote Denial of Service (exploit available) Magnus Klaaborg Stubman (Oct 08)
- Re: net-snmp 5.7.3 unauthenticated remote Denial of Service (exploit available) Alexander Bergmann (Oct 08)
- Re: net-snmp 5.7.3 unauthenticated remote Denial of Service (exploit available) Salvatore Bonaccorso (Oct 09)
- Re: net-snmp 5.7.3 unauthenticated remote Denial of Service (exploit available) Magnus Klaaborg Stubman (Oct 10)
- Re: net-snmp 5.7.3 unauthenticated remote Denial of Service (exploit available) Salvatore Bonaccorso (Oct 09)
- Re: net-snmp 5.7.3 unauthenticated remote Denial of Service (exploit available) Alexander Bergmann (Oct 08)