7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
0.082 Low
EPSS
Percentile
94.4%
Severity: High
Date : 2018-10-17
CVE-ID : CVE-2015-5621 CVE-2018-18065
Package : net-snmp
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-777
The package net-snmp before version 5.8-1 is vulnerable to multiple
issues including arbitrary code execution and denial of service.
Upgrade to 5.8-1.
The problems have been fixed upstream in version 5.8.
None.
It was discovered that in net-snmp before 5.8 the snmp_pdu_parse()
function could leave incompletely parsed varBind variables in the list
of variables. A remote, unauthenticated attacker could use this flaw to
crash snmpd or potentially execute arbitrary code on the system with
the privileges of the user running snmpd.
A denial of service vulnerability has been discovered in net-snmp
before 5.8. The _set_key function in agent/helpers/table_container.c
has a NULL pointer exception bug that can be used by an authenticated
attacker to remotely cause the instance to crash via a crafted UDP
packet, resulting in denial of service.
A remote unauthenticated attacker is able to crash snmpd or potentially
execute arbitrary code on the system by sending specially crafted
packets.
https://seclists.org/oss-sec/2018/q4/24
https://sourceforge.net/p/net-snmp/bugs/2615/
https://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791
https://www.openwall.com/lists/oss-security/2015/04/13/1
https://bugzilla.redhat.com/show_bug.cgi?id=1212408
https://sourceforge.net/p/net-snmp/bugs/2743/
https://sourceforge.net/p/net-snmp/code/ci/7ffb8e25a0db851953155de91f0170e9bf8c457d
https://dumpco.re/blog/net-snmp-5.7.3-remote-dos
https://security.archlinux.org/CVE-2015-5621
https://security.archlinux.org/CVE-2018-18065
bugzilla.redhat.com/show_bug.cgi?id=1212408
dumpco.re/blog/net-snmp-5.7.3-remote-dos
seclists.org/oss-sec/2018/q4/24
security.archlinux.org/AVG-777
security.archlinux.org/CVE-2015-5621
security.archlinux.org/CVE-2018-18065
sourceforge.net/p/net-snmp/bugs/2615/
sourceforge.net/p/net-snmp/bugs/2743/
sourceforge.net/p/net-snmp/code/ci/7ffb8e25a0db851953155de91f0170e9bf8c457d
sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791
www.openwall.com/lists/oss-security/2015/04/13/1
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
0.082 Low
EPSS
Percentile
94.4%