Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 26 Apr 2012 13:23:08 +0200
From: Jan Lieskovsky <>
To: "Steven M. Christey" <>
CC:, Jan Safranek <>,
        Sergio Freire <>
Subject: CVE Request -- net-snmp: Array index error, leading to out-of heap-based
 buffer read (snmpd crash)

Hello Kurt, Steve, vendors,

   an array index error, leading to out-of heap-based buffer read flaw was found
in the way net-snmp agent performed entries lookup in the extension table. When
certain MIB subtree was handled by the extend directive, a remote attacker
having read privilege to the subtree could use this flaw to cause a denial of
service (snmpd crash) via SNMP GET request involving a non-existent extension
table entry.


Could you allocate a CVE id for this?

Thank you && Regards, Jan.
Jan iankko Lieskovsky / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ