CVE-2014-2284

The Linux implementation of the ICMP-MIB in Net-SNMP 5.5 before 5.5.2.1, 5.6.x before 5.6.2.1, and 5.7.x before 5.7.2.1 does not properly validate input, which allows remote attackers to cause a denial of service via unspecified vectors.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://comments.gmane.org/gmane.comp.security.oss.general/12284
http://lists.opensuse.org/opensuse-updates/2014-03/msg00060.html
http://lists.opensuse.org/opensuse-updates/2014-03/msg00061.html
http://rhn.redhat.com/errata/RHSA-2014-0321.html
http://secunia.com/advisories/57124
http://secunia.com/advisories/57526	Vendor Advisory
http://secunia.com/advisories/57583
http://secunia.com/advisories/57870
http://secunia.com/advisories/59974
http://sourceforge.net/p/net-snmp/code/ci/a1fd64716f6794c55c34d77e618210238a73bfa1/
http://www.gentoo.org/security/en/glsa/glsa-201409-02.xml
http://www.ubuntu.com/usn/USN-2166-1

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:net-snmp:net-snmp:5.5:::::::*
	cpe:2.3:a:net-snmp:net-snmp:5.5.0.1:::::::*
	cpe:2.3:a:net-snmp:net-snmp:5.5.0.2:::::::*
	cpe:2.3:a:net-snmp:net-snmp:5.5.1:::::::*
	cpe:2.3:a:net-snmp:net-snmp:5.5.1.1:::::::*
	cpe:2.3:a:net-snmp:net-snmp:5.5.2:::::::*
	cpe:2.3:a:net-snmp:net-snmp:5.6:::::::*
	cpe:2.3:a:net-snmp:net-snmp:5.6.1.1:::::::*
	cpe:2.3:a:net-snmp:net-snmp:5.6.2:::::::*
	cpe:2.3:a:net-snmp:net-snmp:5.7:::::::*
	cpe:2.3:a:net-snmp:net-snmp:5.7.1:::::::*
	cpe:2.3:a:net-snmp:net-snmp:5.7.2:::::::*

History

No history.

Information

Published : 2014-03-24 16:43

Updated : 2024-02-04 18:35

NVD link : CVE-2014-2284

Mitre link : CVE-2014-2284

CVE.ORG link : CVE-2014-2284

JSON object : View

Products Affected

net-snmp

net-snmp

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2014-2284", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-03-24T16:43:02.177", "references": [{"url": "http://comments.gmane.org/gmane.comp.security.oss.general/12284", "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00060.html", "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00061.html", "source": "cve@mitre.org"}, {"url": "http://rhn.redhat.com/errata/RHSA-2014-0321.html", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/57124", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/57526", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/57583", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/57870", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/59974", "source": "cve@mitre.org"}, {"url": "http://sourceforge.net/p/net-snmp/code/ci/a1fd64716f6794c55c34d77e618210238a73bfa1/", "source": "cve@mitre.org"}, {"url": "http://www.gentoo.org/security/en/glsa/glsa-201409-02.xml", "source": "cve@mitre.org"}, {"url": "http://www.ubuntu.com/usn/USN-2166-1", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The Linux implementation of the ICMP-MIB in Net-SNMP 5.5 before 5.5.2.1, 5.6.x before 5.6.2.1, and 5.7.x before 5.7.2.1 does not properly validate input, which allows remote attackers to cause a denial of service via unspecified vectors."}, {"lang": "es", "value": "La implementaci\u00f3n Linux del ICMP-MIB en Net-SNMP 5.5 anterior a 5.5.2.1, 5.6.x anterior a 5.6.2.1 y 5.7.x anterior a 5.7.2.1 no valida debidamente las entradas, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio a trav\u00e9s de vectores no especificados."}], "lastModified": "2014-09-13T05:25:27.697", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:net-snmp:net-snmp:5.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ABF6D757-93C1-4B08-B863-1183C9BD92AC"}, {"criteria": "cpe:2.3:a:net-snmp:net-snmp:5.5.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2F56029-265E-4ECA-94A7-1537792A8E72"}, {"criteria": "cpe:2.3:a:net-snmp:net-snmp:5.5.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E493356-0F50-424A-A1A6-A1C5DAC30F45"}, {"criteria": "cpe:2.3:a:net-snmp:net-snmp:5.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C5E25F4-8246-400A-97CD-B5CBD7B4B268"}, {"criteria": "cpe:2.3:a:net-snmp:net-snmp:5.5.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7DCCD420-D67F-4E56-8761-A6BA1A0146E4"}, {"criteria": "cpe:2.3:a:net-snmp:net-snmp:5.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "265C0DA0-9B04-43C4-B037-E307A01307C4"}, {"criteria": "cpe:2.3:a:net-snmp:net-snmp:5.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "50F4D055-EC8F-4F88-BE40-2EEDD41F50A9"}, {"criteria": "cpe:2.3:a:net-snmp:net-snmp:5.6.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "08DFFEB4-49FD-4A74-A67A-D4246BBB7F4C"}, {"criteria": "cpe:2.3:a:net-snmp:net-snmp:5.6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "92030486-1814-40D4-B27F-58E236F8D102"}, {"criteria": "cpe:2.3:a:net-snmp:net-snmp:5.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D7025F3-9106-4F62-91AA-4DA23417B999"}, {"criteria": "cpe:2.3:a:net-snmp:net-snmp:5.7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "907833FD-1793-4117-8755-A05D85A108E2"}, {"criteria": "cpe:2.3:a:net-snmp:net-snmp:5.7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F01F680-049C-4669-9C2C-FDA6B8C420EF"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}