Vulnerability CVE-2014-2284
Published: 2014-03-24

Description:
The Linux implementation of the ICMP-MIB in Net-SNMP 5.5 before 5.5.2.1, 5.6.x before 5.6.2.1, and 5.7.x before 5.7.2.1 does not properly validate input, which allows remote attackers to cause a denial of service via unspecified vectors.

Type:

CWE-20

 (Improper Input Validation)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial
Affected software
Net-snmp -> Net-snmp 

 References:
http://www.ubuntu.com/usn/USN-2166-1
http://www.gentoo.org/security/en/glsa/glsa-201409-02.xml
http://sourceforge.net/p/net-snmp/code/ci/a1fd64716f6794c55c34d77e618210238a73bfa1/
http://secunia.com/advisories/59974
http://secunia.com/advisories/57870
http://secunia.com/advisories/57583
http://secunia.com/advisories/57526
http://secunia.com/advisories/57124
http://rhn.redhat.com/errata/RHSA-2014-0321.html
http://lists.opensuse.org/opensuse-updates/2014-03/msg00061.html
http://lists.opensuse.org/opensuse-updates/2014-03/msg00060.html
http://comments.gmane.org/gmane.comp.security.oss.general/12284
Copyright 2024, cxsecurity.com

 

Back to Top