First published: Thu Aug 09 2012
It was reported [1], [2] that the AgentX subagent of net-snmp could be stalled when a manager sent a multi-object request with a different number of subids. This could lead to a denial of service.

This has been corrected upstream in version 5.4.4 [3]; only earlier versions are affected. This means that Fedora and Red Hat Enterprise Linux 6 are not affected; however, Red Hat Enterprise Linux 5 does ship a vulnerable version (5.3.x).

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684388
[2] http://seclists.org/oss-sec/2014/q1/513
[3] http://sourceforge.net/p/net-snmp/patches/1113/

Statement: This issue did not affect the version of the net-snmp packages as shipped with Red Hat Enterprise Linux 6.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Net-snmp Net-snmp | <=5.4 | |
redhat/net-snmp | <5.4.4 | 5.4.4 |
debian/net-snmp | 5.9+dfsg-4+deb11u1 5.9.3+dfsg-2 5.9.4+dfsg-1.1 |