CVE-2002-1170 Affecting net-snmp package, versions <5.0.6
Threat Intelligence
EPSS
1.54% (88th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-DEBIANUNSTABLE-NETSNMP-310899
- published 11 Oct 2002
- disclosed 11 Oct 2002
Introduced: 11 Oct 2002
CVE-2002-1170 Open this link in a new tabHow to fix?
Upgrade Debian:unstable net-snmp to version 5.0.6 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream net-snmp package and not the net-snmp package as distributed by Debian.
See How to fix? for Debian:unstable relevant fixed versions and status.
The handle_var_requests function in snmp_agent.c for the SNMP daemon in the Net-SNMP (formerly ucd-snmp) package 5.0.1 through 5.0.5 allows remote attackers to cause a denial of service (crash) via a NULL dereference.
References
- https://security-tracker.debian.org/tracker/CVE-2002-1170
- http://sourceforge.net/forum/forum.php?forum_id=216532
- http://marc.info/?l=bugtraq&m=103359362020365&w=2
- http://www.idefense.com/advisory/10.02.02.txt
- http://www.securityfocus.com/bid/5862
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10250
- http://www.redhat.com/support/errata/RHSA-2002-228.html
CVSS Scores
version 3.1