CVE-2014-2285 - OpenCVE

The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows remote attackers to cause a denial of service (snmptrapd crash) via an empty community string in an SNMP trap, which triggers a NULL pointer dereference within the newSVpv function in Perl.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Net-snmp	Net-snmp

Configuration 1 [-]

cpe:2.3:a:net-snmp:net-snmp:*:pre1:*:*:*:*:*:*

References

Link	Resource
http://comments.gmane.org/gmane.comp.security.oss.general/12284
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://lists.opensuse.org/opensuse-updates/2014-03/msg00060.html
http://lists.opensuse.org/opensuse-updates/2014-03/msg00061.html
http://secunia.com/advisories/59974
http://sourceforge.net/p/net-snmp/patches/1275/
http://www.gentoo.org/security/en/glsa/glsa-201409-02.xml
http://www.nntp.perl.org/group/perl.perl5.porters/2006/09/msg116250.html
https://bugzilla.redhat.com/show_bug.cgi?id=1072044	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1072778
https://rhn.redhat.com/errata/RHSA-2014-0322.html

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2014-04-27T22:00:00

Updated: 2016-12-06T18:57:01

Reserved: 2014-03-05T00:00:00

Link: CVE-2014-2285

JSON object: View

NVD Information

Status : Modified

Published: 2014-04-27T22:55:05.990

Modified: 2016-12-08T03:05:33.400

Link: CVE-2014-2285

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-03-03T00:00:00", "descriptions": [{"lang": "en", "value": "The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows remote attackers to cause a denial of service (snmptrapd crash) via an empty community string in an SNMP trap, which triggers a NULL pointer dereference within the newSVpv function in Perl."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-06T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1072778"}, {"name": "openSUSE-SU-2014:0398", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00060.html"}, {"name": "openSUSE-SU-2014:0399", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00061.html"}, {"name": "RHSA-2014:0322", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://rhn.redhat.com/errata/RHSA-2014-0322.html"}, {"name": "59974", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/59974"}, {"name": "GLSA-201409-02", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-201409-02.xml"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/p/net-snmp/patches/1275/"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705"}, {"tags": ["x_refsource_MISC"], "url": "http://www.nntp.perl.org/group/perl.perl5.porters/2006/09/msg116250.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1072044"}, {"name": "[oss-security] 20140305 CVE request for two net-snmp remote DoS flaws", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://comments.gmane.org/gmane.comp.security.oss.general/12284"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2285", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows remote attackers to cause a denial of service (snmptrapd crash) via an empty community string in an SNMP trap, which triggers a NULL pointer dereference within the newSVpv function in Perl."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1072778", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1072778"}, {"name": "openSUSE-SU-2014:0398", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00060.html"}, {"name": "openSUSE-SU-2014:0399", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00061.html"}, {"name": "RHSA-2014:0322", "refsource": "REDHAT", "url": "https://rhn.redhat.com/errata/RHSA-2014-0322.html"}, {"name": "59974", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59974"}, {"name": "GLSA-201409-02", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-201409-02.xml"}, {"name": "http://sourceforge.net/p/net-snmp/patches/1275/", "refsource": "CONFIRM", "url": "http://sourceforge.net/p/net-snmp/patches/1275/"}, {"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705", "refsource": "CONFIRM", "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705"}, {"name": "http://www.nntp.perl.org/group/perl.perl5.porters/2006/09/msg116250.html", "refsource": "MISC", "url": "http://www.nntp.perl.org/group/perl.perl5.porters/2006/09/msg116250.html"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1072044", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1072044"}, {"name": "[oss-security] 20140305 CVE request for two net-snmp remote DoS flaws", "refsource": "MLIST", "url": "http://comments.gmane.org/gmane.comp.security.oss.general/12284"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-2285", "datePublished": "2014-04-27T22:00:00", "dateReserved": "2014-03-05T00:00:00", "dateUpdated": "2016-12-06T18:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:net-snmp:net-snmp:*:pre1:*:*:*:*:*:*", "matchCriteriaId": "89FC8972-CB5F-4501-B8E8-C3520E36CB8F", "versionEndIncluding": "5.7.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows remote attackers to cause a denial of service (snmptrapd crash) via an empty community string in an SNMP trap, which triggers a NULL pointer dereference within the newSVpv function in Perl."}, {"lang": "es", "value": "La funci\u00f3n perl_trapd_handler en perl/TrapReceiver/TrapReceiver.xs en Net-SNMP 5.7.3.pre3 y anteriores, cuando utiliza ciertas versiones Perl, permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de snmptrapd) a trav\u00e9s de una cadena de comunidad vac\u00eda en una trampa SNMP, lo que provoca una referencia a puntero nulo dentro de la funci\u00f3n newSVpv en Perl."}], "id": "CVE-2014-2285", "lastModified": "2016-12-08T03:05:33.400", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-04-27T22:55:05.990", "references": [{"source": "cve@mitre.org", "url": "http://comments.gmane.org/gmane.comp.security.oss.general/12284"}, {"source": "cve@mitre.org", "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00060.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00061.html"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/59974"}, {"source": "cve@mitre.org", "url": "http://sourceforge.net/p/net-snmp/patches/1275/"}, {"source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-201409-02.xml"}, {"source": "cve@mitre.org", "url": "http://www.nntp.perl.org/group/perl.perl5.porters/2006/09/msg116250.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1072044"}, {"source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1072778"}, {"source": "cve@mitre.org", "url": "https://rhn.redhat.com/errata/RHSA-2014-0322.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}