PublicDateAtUSN: 2014-10-07
Candidate: CVE-2014-3565
PublicDate: 2014-10-07 14:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3565
 https://ubuntu.com/security/notices/USN-2711-1
Description:
 snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used,
 allows remote attackers to cause a denial of service (snmptrapd crash) via
 a crafted SNMP trap message, which triggers a conversion to the variable
 type designated in the MIB file, as demonstrated by a NULL type in an ifMtu
 trap message.
Ubuntu-Description:
Notes:
 jdstrand> per upstream, -OQ option is uncommon
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=760132
Priority: low
Discovered-by:
Assigned-to: mdeslaur
CVSS: 

Patches_net-snmp:
 upstream: http://sourceforge.net/p/net-snmp/code/ci/7f4a7b891332899cea26e95be0337aae01648742/
upstream_net-snmp: needs-triage
lucid_net-snmp: ignored (reached end-of-life)
precise_net-snmp: released (5.4.3~dfsg-2.4ubuntu1.3)
trusty_net-snmp: released (5.7.2~dfsg-8.1ubuntu3.1)
trusty/esm_net-snmp: released (5.7.2~dfsg-8.1ubuntu3.1)
utopic_net-snmp: ignored (reached end-of-life)
vivid_net-snmp: released (5.7.2~dfsg-8.1ubuntu5.1)
devel_net-snmp: released (5.7.3+dfsg-1ubuntu1)