Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 











Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce - Net-SNMP: denial of service via snmptrapd

September 2014 by Vigil@nce

This bulletin was written by Vigil@nce : http://vigilance.fr/offer

SYNTHESIS OF THE VULNERABILITY

An attacker can send a malicious SNMP TRAP packet to snmptrapd of
Net-SNMP with "-OQ", in order to trigger a denial of service.

Impacted products: Fedora, Net-SNMP, openSUSE

Severity: 2/4

Creation date: 01/09/2014

DESCRIPTION OF THE VULNERABILITY

The Net-SNMP snmptrapd daemon supports the "-OQ" option, which
indicates to not display the type (Timeticks, Integer, etc.).

However, in this case, display functions interpret data from
packet (for example NULL) with the type of the MIB (for example
Integer), which stops the daemon.

An attacker can therefore send a malicious SNMP TRAP packet to
snmptrapd of Net-SNMP with "-OQ", in order to trigger a denial of
service.

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/Net-SNMP-denial-of-service-via-snmptrapd-15248


See previous articles

    

See next articles












Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts