BID:53255

Net-SNMP SNMP GET Request Denial of Service Vulnerability

Info

Net-SNMP SNMP GET Request Denial of Service Vulnerability

Bugtraq ID:	53255
Class:	Unknown
CVE:	CVE-2012-2141
Remote:	Yes
Local:	No
Published:	Apr 24 2012 12:00AM
Updated:	Apr 13 2015 10:15PM
Credit:	The vendor reported this issue.
Vulnerable:	Ubuntu Ubuntu Linux 8.04 LTS sparc Ubuntu Ubuntu Linux 8.04 LTS powerpc Ubuntu Ubuntu Linux 8.04 LTS lpia Ubuntu Ubuntu Linux 8.04 LTS i386 Ubuntu Ubuntu Linux 8.04 LTS amd64 Ubuntu Ubuntu Linux 12.04 LTS i386 Ubuntu Ubuntu Linux 12.04 LTS amd64 Ubuntu Ubuntu Linux 11.10 i386 Ubuntu Ubuntu Linux 11.10 amd64 Ubuntu Ubuntu Linux 11.04 powerpc Ubuntu Ubuntu Linux 11.04 i386 Ubuntu Ubuntu Linux 11.04 ARM Ubuntu Ubuntu Linux 11.04 amd64 Ubuntu Ubuntu Linux 10.04 sparc Ubuntu Ubuntu Linux 10.04 powerpc Ubuntu Ubuntu Linux 10.04 i386 Ubuntu Ubuntu Linux 10.04 ARM Ubuntu Ubuntu Linux 10.04 amd64 RedHat Enterprise Linux Desktop Workstation 5 client Red Hat Enterprise Linux Workstation 6 Red Hat Enterprise Linux Server 6 Red Hat Enterprise Linux HPC Node Optional 6 Red Hat Enterprise Linux HPC Node 6 Red Hat Enterprise Linux Desktop Optional 6 Red Hat Enterprise Linux Desktop 6 Red Hat Enterprise Linux Desktop 5 client Red Hat Enterprise Linux 5 Server Oracle Enterprise Linux 6.2 Oracle Enterprise Linux 6 Oracle Enterprise Linux 5 Net-SNMP Net-SNMP 0 Mandriva Linux Mandrake 2011 x86_64 Mandriva Linux Mandrake 2011 Mandriva Linux Mandrake 2010.1 x86_64 Mandriva Linux Mandrake 2010.1 MandrakeSoft Enterprise Server 5 x86_64 MandrakeSoft Enterprise Server 5 Gentoo Linux CentOS CentOS 5 Avaya Proactive Contact 5.0 Avaya IQ 5.2 Avaya IQ 5.1.1 Avaya IQ 5.1 Avaya IQ 5 Avaya IP Office Application Server 8.1 Avaya IP Office Application Server 8.0 Avaya Communication Server 1000M Signaling Server 7.5 Avaya Communication Server 1000M Signaling Server 7.0 Avaya Communication Server 1000M Signaling Server 6.0 Avaya Communication Server 1000M 7.5 Avaya Communication Server 1000M 7.0 Avaya Communication Server 1000M 6.0 Avaya Communication Server 1000E Signaling Server 7.5 Avaya Communication Server 1000E Signaling Server 7.0 Avaya Communication Server 1000E Signaling Server 6.0 Avaya Communication Server 1000E 7.5 Avaya Communication Server 1000E 7.0 Avaya Communication Server 1000E 6.0 Avaya Aura System Platform 6.0.2 Avaya Aura System Platform 6.0.1 Avaya Aura System Platform 6.0 SP3 Avaya Aura System Platform 6.0 SP2 Avaya Aura System Platform 6.0 Avaya Aura System Platform 1.1 Avaya Aura System Manager 6.2 Avaya Aura System Manager 6.1.3 Avaya Aura System Manager 6.1.2 Avaya Aura System Manager 6.1.1 Avaya Aura System Manager 6.1 SP2 Avaya Aura System Manager 6.1 Sp1 Avaya Aura System Manager 6.1 Avaya Aura System Manager 6.0 SP1 Avaya Aura System Manager 6.0 Avaya Aura System Manager 5.2 Avaya Aura Session Manager 6.2.1 Avaya Aura Session Manager 6.1.3 Avaya Aura Session Manager 6.1.2 Avaya Aura Session Manager 6.1.1 Avaya Aura Session Manager 6.2 Avaya Aura Session Manager 6.1 SP2 Avaya Aura Session Manager 6.1 Sp1 Avaya Aura Session Manager 6.1 Avaya Aura Session Manager 6.0 SP1 Avaya Aura Session Manager 6.0 Avaya Aura Session Manager 5.2 SP2 Avaya Aura Session Manager 5.2 SP1 Avaya Aura Session Manager 5.2 Avaya Aura Session Manager 1.1 Avaya Aura Session Manager 1.0 Avaya Aura Presence Services 6.1.1 Avaya Aura Presence Services 6.0 Avaya Aura Messaging 6.1 + Avaya Communication Manager Server DEFINITY Server SI/CS + Avaya Communication Manager Server S8100 + Avaya Communication Manager Server S8300 + Avaya Communication Manager Server S8500 + Avaya Communication Manager Server S8700 Avaya Aura Messaging 6.0.1 Avaya Aura Messaging 6.0 Avaya Aura Communication Manager Utility Services 6.2 + Avaya Communication Manager Server DEFINITY Server SI/CS + Avaya Communication Manager Server S8100 + Avaya Communication Manager Server S8300 + Avaya Communication Manager Server S8500 + Avaya Communication Manager Server S8700 Avaya Aura Communication Manager Utility Services 6.1 + Avaya Communication Manager Server DEFINITY Server SI/CS + Avaya Communication Manager Server S8100 + Avaya Communication Manager Server S8300 + Avaya Communication Manager Server S8500 + Avaya Communication Manager Server S8700 Avaya Aura Communication Manager Utility Services 6.0 Avaya Aura Communication Manager 6.0.1 + Avaya Communication Manager Server DEFINITY Server SI/CS + Avaya Communication Manager Server S8100 + Avaya Communication Manager Server S8300 + Avaya Communication Manager Server S8500 + Avaya Communication Manager Server S8700 Avaya Aura Communication Manager 6.0 Avaya Aura Communication Manager 5.2 Avaya Aura Communication Manager 5.1 + Avaya Communication Manager Server DEFINITY Server SI/CS + Avaya Communication Manager Server S8100 + Avaya Communication Manager Server S8300 + Avaya Communication Manager Server S8500 + Avaya Communication Manager Server S8700 Avaya Aura Application Server 5300 SIP Core 2.1 Avaya Aura Application Server 5300 SIP Core 2.0 Avaya Aura Application Enablement Services 5.2.1 Avaya Aura Application Enablement Services 6.1.1 Avaya Aura Application Enablement Services 6.1 Avaya Aura Application Enablement Services 5.2.3 Avaya Aura Application Enablement Services 5.2.2 Avaya Aura Application Enablement Services 5.2

Not Vulnerable:

Discussion

Net-SNMP SNMP GET Request Denial of Service Vulnerability

Net-SNMP is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to cause an affected application to crash, denying service to legitimate users.

Exploit / POC

Net-SNMP SNMP GET Request Denial of Service Vulnerability

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Solution / Fix

Net-SNMP SNMP GET Request Denial of Service Vulnerability

Solution:
Updates are available. Please see the references for more information.

MandrakeSoft Enterprise Server 5

Mandriva libnet-snmp-devel-5.4.2-2.4mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva libnet-snmp-static-devel-5.4.2-2.4mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva libnet-snmp15-5.4.2-2.4mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva net-snmp-5.4.2-2.4mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva net-snmp-mibs-5.4.2-2.4mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva net-snmp-tkmib-5.4.2-2.4mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva net-snmp-trapd-5.4.2-2.4mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva net-snmp-utils-5.4.2-2.4mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva perl-NetSNMP-5.4.2-2.4mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva Linux Mandrake 2011

Mandriva libnet-snmp-devel-5.6.1-9.1-mdv2011.0.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva libnet-snmp-static-devel-5.6.1-9.1-mdv2011.0.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva libnet-snmp25-5.6.1-9.1-mdv2011.0.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva net-snmp-5.6.1-9.1-mdv2011.0.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva net-snmp-mibs-5.6.1-9.1-mdv2011.0.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva net-snmp-tkmib-5.6.1-9.1-mdv2011.0.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva net-snmp-trapd-5.6.1-9.1-mdv2011.0.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva net-snmp-utils-5.6.1-9.1-mdv2011.0.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva perl-NetSNMP-5.6.1-9.1-mdv2011.0.i586.rpm
http://www.mandriva.com/en/downloads/

Mandriva python-netsnmp-5.6.1-9.1-mdv2011.0.i586.rpm
http://www.mandriva.com/en/downloads/

References

Net-SNMP SNMP GET Request Denial of Service Vulnerability

References:

Bug 815813 - Array index error, leading to out-of heap-based buffer read (snmpd (Red Hat)
CVE-2012-2141: net-snmp Read out-of-bounds (xorl)
Net-SNMP Homepage (Net-SNMP)
ASA-2013-066: net-snmp security and bug fix update (RHSA-2013-0124) (Avaya)