SNMP Vulnerability in Net-SNMP Affecting Multiple Vendors
CVE-2014-3565

Currently unrated

Key Information:

Vendor: Apple
CVE Published: 7 October 2014

Summary

The vulnerability affects net-snmp versions 5.7.0 and earlier when the -OQ option is used. A remote attacker can send a crafted SNMP trap message that crashes the snmptrapd service, resulting in a denial of service. The crash is caused by a type conversion issue involving the variable type given in the MIB file, often demonstrated by an unexpected NULL type in an ifMtu trap message.

EPSS Score

9% chance of being exploited in the next 30 days.
