CVE-2014-2284

Published: 24 March 2014

The Linux implementation of the ICMP-MIB in Net-SNMP 5.5 before 5.5.2.1, 5.6.x before 5.6.2.1, and 5.7.x before 5.7.2.1 does not properly validate input, which allows remote attackers to cause a denial of service via unspecified vectors.

Notes

Author	Note
mdeslaur	5.4 is not affected

Priority

Status

Package	Release	Status
net-snmp Launchpad, Ubuntu, Debian	lucid	Not vulnerable (5.4.2.1~dfsg0ubuntu1-0ubuntu2.2)
	precise	Not vulnerable (5.4.3~dfsg-2.4ubuntu1.1)
	quantal	Not vulnerable (5.4.3~dfsg-2.5ubuntu1)
	saucy	Released (5.7.2~dfsg-8ubuntu1.1)
	upstream	Needed
	Patches: upstream: http://sourceforge.net/p/net-snmp/code/ci/a1fd64716f6794c55c34d77e618210238a73bfa1/

References

http://www.openwall.com/lists/oss-security/2014/03/05/2
http://sourceforge.net/p/net-snmp/mailman/message/32026655/
https://ubuntu.com/security/notices/USN-2166-1
https://www.cve.org/CVERecord?id=CVE-2014-2284
NVD
Launchpad
Debian

Bugs

https://bugzilla.redhat.com/show_bug.cgi?id=1070396

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›