PublicDateAtUSN: 2014-03-24
Candidate: CVE-2014-2284
PublicDate: 2014-03-24 16:43:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2284
 http://www.openwall.com/lists/oss-security/2014/03/05/2
 http://sourceforge.net/p/net-snmp/mailman/message/32026655/
 https://ubuntu.com/security/notices/USN-2166-1
Description:
 The Linux implementation of the ICMP-MIB in Net-SNMP 5.5 before 5.5.2.1,
 5.6.x before 5.6.2.1, and 5.7.x before 5.7.2.1 does not properly validate
 input, which allows remote attackers to cause a denial of service via
 unspecified vectors.
Ubuntu-Description:
Notes:
 mdeslaur> 5.4 is not affected
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=1070396
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
CVSS: 

Patches_net-snmp:
 upstream: http://sourceforge.net/p/net-snmp/code/ci/a1fd64716f6794c55c34d77e618210238a73bfa1/
upstream_net-snmp: needed
lucid_net-snmp: not-affected (5.4.2.1~dfsg0ubuntu1-0ubuntu2.2)
precise_net-snmp: not-affected (5.4.3~dfsg-2.4ubuntu1.1)
quantal_net-snmp: not-affected (5.4.3~dfsg-2.5ubuntu1)
saucy_net-snmp: released (5.7.2~dfsg-8ubuntu1.1)
devel_net-snmp: released (5.7.2~dfsg-8.1ubuntu3)