Huzaifa Sidhpurwala | 5 Mar 09:37 2014

CVE request for two net-snmp remote DoS flaws

Hi All,

Two remote denial of service flaws were found in net-snmp; details are below:

1. net-snmp: denial of service flaw in Linux implementation of ICMP-MIB
https://bugzilla.redhat.com/show_bug.cgi?id=1070396
http://sourceforge.net/p/net-snmp/code/ci/a1fd64716f6794c55c34d77e618210238a73bfa1/

2. net-snmp: snmptrapd crash when using a trap with empty community string
https://bugzilla.redhat.com/show_bug.cgi?id=1072778
https://bugzilla.redhat.com/show_bug.cgi?id=1072044
http://sourceforge.net/p/net-snmp/patches/1275/

Can 2 CVEs please be assigned to these issues?

Thanks!

-- 
Huzaifa Sidhpurwala / Red Hat Security Response Team

cve | 5 Mar 20:08 2014

Re: CVE request for two net-snmp remote DoS flaws


> 1. net-snmp: denial of service flaw in Linux implementation of ICMP-MIB

> https://bugzilla.redhat.com/show_bug.cgi?id=1070396
> http://sourceforge.net/p/net-snmp/code/ci/a1fd64716f6794c55c34d77e618210238a73bfa1/

A first look at the patch suggests that it's about missing input
validation, and not also about independently exploitable off-by-one
errors in the sizes of data structures. In other words, although
something like:

  - struct icmp_msg_mib vals[255];
  + struct icmp_msg_mib vals[256];

would often be an independent security fix (255 is an unusual size),
here it's not a security fix relative to the original code. If other
analysis shows that that's incorrect, we'll add another CVE ID.

Use CVE-2014-2284 for the missing input validation.

> 2. net-snmp: snmptrapd crash when using a trap with empty community string
> https://bugzilla.redhat.com/show_bug.cgi?id=1072778
> https://bugzilla.redhat.com/show_bug.cgi?id=1072044
> http://sourceforge.net/p/net-snmp/patches/1275/

Use CVE-2014-2285.

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300