CVE-2012-2141
First published: Tue Apr 24 2012(Updated: )
Array index error in the handle_nsExtendOutput2Table function in agent/mibgroup/agent/extend.c in Net-SNMP 5.7.1 allows remote authenticated users to cause a denial of service (out-of-bounds read and snmpd crash) via an SNMP GET request for an entry not in the extension table.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| CentOS Net-SNMP Agent Libraries | =5.7.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openwall.com/lists/oss-security/2012/04/26/2
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=816549
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=580443&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=580443&action=edit
- https://sourceforge.net/tracker/index.php?func=detail&aid=3526549&group_id=12694&atid=112694
- https://rhn.redhat.com/errata/RHSA-2012-0876.html
- https://rhn.redhat.com/errata/RHSA-2013-0124.html
- https://bugzilla.redhat.com/show_bug.cgi?id=815813
- http://rhn.redhat.com/errata/RHSA-2013-0124.html
- http://secunia.com/advisories/48938
- http://secunia.com/advisories/59974
- http://support.citrix.com/article/CTX139049
- http://www.gentoo.org/security/en/glsa/glsa-201409-02.xml
- http://www.openwall.com/lists/oss-security/2012/04/26/3
- http://www.securityfocus.com/bid/53255
- http://www.securityfocus.com/bid/53258
- http://www.securitytracker.com/id?1026984
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75169
Frequently Asked Questions
What is the severity of CVE-2012-2141?
CVE-2012-2141 is classified as a denial of service vulnerability.
How do I fix CVE-2012-2141?
To fix CVE-2012-2141, upgrade to a version of Net-SNMP later than 5.7.1 that addresses this vulnerability.
What type of attack can be executed using CVE-2012-2141?
An attacker can exploit CVE-2012-2141 to cause out-of-bounds reads and potentially crash the snmpd service.
Who is affected by CVE-2012-2141?
CVE-2012-2141 affects remote authenticated users of Net-SNMP version 5.7.1.
What component of Net-SNMP contains the vulnerability identified as CVE-2012-2141?
The vulnerability in CVE-2012-2141 is found in the handle_nsExtendOutput2Table function within the agent/mibgroup/agent/extend.c file.
- agent/references
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2012-2141
- agent/author
- agent/severity
- agent/last-modified-date
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/net-snmp
- canonical/centos net-snmp agent libraries
- version/centos net-snmp agent libraries/5.7.1