SNMP: Denial of Service — GLSA 201507-17

A vulnerability in SNMP could lead to a Denial of Service condition.

Affected Packages

net-analyzer/net-snmp on all architectures
Affected versions < 5.7.3_pre5-r1
Unaffected versions >= 5.7.3_pre5-r1

Background

SNMP is a widely used protocol for monitoring the health and welfare of network equipment.

Description

A specially crafted trap message triggers a conversion to an erroneous variable type when the -OQ option is used.

Impact

A remote attacker could possibly cause a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All SNMP users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose
 ">=net-analyzer/net-snmp-5.7.3_pre5-r1"
 

References

Release Date
July 10, 2015

Latest Revision
July 10, 2015: 2

Severity
normal

Exploitable
remote

Bugzilla entries