Date: Tue, 9 Oct 2018 11:21:02 +0200 From: Salvatore Bonaccorso <carnil@...ian.org> To: oss-security@...ts.openwall.com Subject: Re: net-snmp 5.7.3 unauthenticated remote Denial of Service (exploit available) Hi, On Tue, Oct 09, 2018 at 12:31:32AM +0200, Alexander Bergmann wrote: > Hi Magnus, > > thanks for your report. I can reproduce VULN#2 (CVE-2018-18065) with our > net-snmp-5.7.3 version (sle12/sle15). Our net-snmp-220.127.116.11 version seams > to be unaffected. > > Regarding your VULN#1 (CVE-2018-18066) I noticed that the patch was > already applied to our code base and CVE-2015-5621 was assigned. The > issue was already mentioned here at oss-security. > > https://www.openwall.com/lists/oss-security/2015/07/31/1 > > I didn't check the details yet, but if the new CVE is a duplicate, > please contact NIST about it. Is it actually the same issue? I'm asking because for instance, there was indeed earlier CVE-2015-5621 and CVE-2018-1000116, which both were adressed with this same commit, but are considered two separate issues. So if CVE-2018-18066 is different from CVE-2015-5621 or CVE-2018-1000116, the assignment would not be a duplicate. Regards, Salvatore
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.