oss-sec mailing list archives
Re: net-snmp 5.7.3 unauthenticated remote Denial of Service (exploit available)
From: Salvatore Bonaccorso <carnil () debian org>
Date: Tue, 9 Oct 2018 11:21:02 +0200
Hi, On Tue, Oct 09, 2018 at 12:31:32AM +0200, Alexander Bergmann wrote:
Hi Magnus, thanks for your report. I can reproduce VULN#2 (CVE-2018-18065) with our net-snmp-5.7.3 version (sle12/sle15). Our net-snmp-5.4.2.1 version seams to be unaffected. Regarding your VULN#1 (CVE-2018-18066) I noticed that the patch was already applied to our code base and CVE-2015-5621 was assigned. The issue was already mentioned here at oss-security. https://www.openwall.com/lists/oss-security/2015/07/31/1 I didn't check the details yet, but if the new CVE is a duplicate, please contact NIST about it.
Is it actually the same issue? I'm asking because for instance, there was indeed earlier CVE-2015-5621 and CVE-2018-1000116, which both were adressed with this same commit, but are considered two separate issues. So if CVE-2018-18066 is different from CVE-2015-5621 or CVE-2018-1000116, the assignment would not be a duplicate. Regards, Salvatore
Current thread:
- net-snmp 5.7.3 unauthenticated remote Denial of Service (exploit available) Magnus Klaaborg Stubman (Oct 08)
- Re: net-snmp 5.7.3 unauthenticated remote Denial of Service (exploit available) Alexander Bergmann (Oct 08)
- Re: net-snmp 5.7.3 unauthenticated remote Denial of Service (exploit available) Salvatore Bonaccorso (Oct 09)
- Re: net-snmp 5.7.3 unauthenticated remote Denial of Service (exploit available) Magnus Klaaborg Stubman (Oct 10)
- Re: net-snmp 5.7.3 unauthenticated remote Denial of Service (exploit available) Salvatore Bonaccorso (Oct 09)
- Re: net-snmp 5.7.3 unauthenticated remote Denial of Service (exploit available) Alexander Bergmann (Oct 08)