Vulnerabilities in Mini-SNMPD Lead to DoS, Information Disclosure
Vulnerabilities recently patched in Mini-SNMPD could be abused for denial-of-service attacks or to obtain sensitive information, Cisco Talos' security researchers report.
Mini-SNMPD works on both x86 and ARM platforms running Ubuntu, Alpine Linux, and FreeBSD. Talos' researchers discovered a total of three vulnerabilities in Mini-SNMPD, including two out-of-bounds read bugs and one stack overflow.
Tracked as CVE-2020-6058 and CVE-2020-6059, the first two issues are exploitable out-of-bounds read vulnerabilities, both related to the manner in which Mini-SNMPD parses incoming SNMP packets.
The third security bug, which is tracked as CVE-2020-6060, exists in the way Mini-SNMPD handles multiple connections, Talos explains.
All three vulnerabilities were found to impact version 1.4 of Mini-SNMPD and were reported to the developer on January 21.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-02-04 | CVE-2020-6058 | Out-of-bounds Read vulnerability in Minisnmpd Project Minisnmpd 1.4. An exploitable out-of-bounds read vulnerability exists in the way MiniSNMPD version 1.4 parses incoming SNMP packets. | 9.1 |
2020-02-04 | CVE-2020-6059 | Integer Overflow or Wraparound vulnerability in Minisnmpd Project Minisnmpd 1.4. An exploitable out of bounds read vulnerability exists in the way MiniSNMPD version 1.4 parses incoming SNMP packets. | 8.2 |
2020-02-04 | CVE-2020-6060 | Out-of-bounds Write vulnerability in Minisnmpd Project Minisnmpd 1.4. A stack buffer overflow vulnerability exists in the way MiniSNMPD version 1.4 handles multiple connections. | 7.5 |