Candidate: CVE-2018-18066
PublicDate: 2018-10-08 18:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18066
 https://dumpco.re/blog/net-snmp-5.7.3-remote-dos
Description:
 snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL
 Pointer Exception bug that can be used by an unauthenticated attacker to
 remotely cause the instance to crash via a crafted UDP packet, resulting in
 Denial of Service.
Ubuntu-Description:
Notes:
 mdeslaur> this is a duplicate of CVE-2015-5621 which was fixed in
 mdeslaur> USN-2711-1
 mdeslaur> 0025-Bug-788964-net-snmp-snmp_pdu_parse-DoS.patch in bionic
 mdeslaur> CVE-2015-5621.patch in xenial
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_net-snmp:
 upstream: https://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791/
upstream_net-snmp: released (5.7.3+dfsg-1.1)
precise/esm_net-snmp: not-affected (5.4.3~dfsg-2.4ubuntu1.3)
trusty_net-snmp: not-affected (5.7.2~dfsg-8.1ubuntu3.1)
trusty/esm_net-snmp: not-affected (5.7.2~dfsg-8.1ubuntu3.1)
xenial_net-snmp: not-affected (5.7.3+dfsg-1ubuntu1)
esm-infra/xenial_net-snmp: not-affected (5.7.3+dfsg-1ubuntu1)
bionic_net-snmp: not-affected (5.7.3+dfsg-1.8ubuntu3)
devel_net-snmp: not-affected