Resource Management Errors Affecting net-snmp package, versions <5.7.2.1~dfsg-3
Threat Intelligence
EPSS
13.21% (96th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-DEBIANUNSTABLE-NETSNMP-310843
- published 13 Dec 2013
- disclosed 13 Dec 2013
Introduced: 13 Dec 2013
CVE-2012-6151 Open this link in a new tabHow to fix?
Upgrade Debian:unstable net-snmp to version 5.7.2.1~dfsg-3 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream net-snmp package and not the net-snmp package as distributed by Debian.
See How to fix? for Debian:unstable relevant fixed versions and status.
Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, and hang) by causing the AgentX subagent to timeout.
References
- https://security-tracker.debian.org/tracker/CVE-2012-6151
- https://support.apple.com/HT205375
- http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html
- http://www.gentoo.org/security/en/glsa/glsa-201409-02.xml
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- http://sourceforge.net/p/net-snmp/bugs/2411/
- http://seclists.org/oss-sec/2013/q4/398
- http://seclists.org/oss-sec/2013/q4/415
- https://bugzilla.redhat.com/show_bug.cgi?id=1038007
- https://rhn.redhat.com/errata/RHSA-2014-0322.html
- http://secunia.com/advisories/55804
- http://secunia.com/advisories/57870
- http://secunia.com/advisories/59974
- http://www.securityfocus.com/bid/64048
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2012-6151
- http://www.ubuntu.com/usn/USN-2166-1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/89485
CVSS Scores
version 3.1