| Severity |
|
| Remote |
|
| Type |
| + |
Arbitrary code execution |
|
| Description |
| + |
It was discovered that in net-snmp before 5.8 the snmp_pdu_parse() function could leave incompletely parsed varBind variables in the list of variables. A remote, unauthenticated attacker could use this flaw to crash snmpd or potentially execute arbitrary code on the system with the privileges of the user running snmpd. |
|
| References |
| + |
https://sourceforge.net/p/net-snmp/bugs/2615/ |
| + |
https://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791 |
| + |
https://www.openwall.com/lists/oss-security/2015/04/13/1 |
| + |
https://bugzilla.redhat.com/show_bug.cgi?id=1212408 |
|
| Notes |
|