Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2015-5621

The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet.

Related bugs and status

CVE-2015-5621 (Candidate) is related to these bugs:

Bug #1712569: net-snmp: please merge with Debian's 5.7.3+dfsg-1.7

Summary				In	Importance	Status
	1712569	net-snmp: please merge with Debian's 5.7.3+dfsg-1.7		net-snmp (Ubuntu)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2015041...
MLIST: [oss-security] 2015041...
MLIST: [oss-security] 2015073...
CONFIRM: http://sourceforge.net...
CONFIRM: https://bugzilla.redha...
CONFIRM: https://sourceforge.ne...
REDHAT: RHSA-2015:1636
UBUNTU: USN-2711-1
BID: 76380
CONFIRM: http://support.citrix....
SUSE: openSUSE-SU-2015:1502
SECTRACK: 1033304
DEBIAN: DSA-4154
EXPLOIT-DB: 45547
CONFIRM: https://cert-portal.si...