Vulnerabilities > CVE-2005-4837 - Numeric Errors vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before 5.1.3, and 5.0.x before 5.0.10.2, when running in master agentx mode, allows remote attackers to cause a denial of service (crash) by causing a particular TCP disconnect, which triggers a free of an incorrect variable, a different vulnerability than CVE-2005-2177.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 11 | |
| Application | 1 |
Common Weakness Enumeration (CWE)
Nessus
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2005-395.NASL description Updated net-snmp packages that fix two security issues and various bugs are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. SNMP (Simple Network Management Protocol) is a protocol used for network management. A denial of service bug was found in the way net-snmp uses network stream protocols. It is possible for a remote attacker to send a net-snmp agent a specially crafted packet that will crash the agent. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2177 to this issue. An insecure temporary file usage bug was found in net-snmp last seen 2020-06-01 modified 2020-06-02 plugin id 19988 published 2005-10-11 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/19988 title RHEL 4 : net-snmp (RHSA-2005:395) NASL family Solaris Local Security Checks NASL id SOLARIS10_120272.NASL description SunOS 5.10: SMA patch. Date this patch was last updated by Sun : May/11/17 This plugin has been deprecated and either replaced with individual 120272 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 25272 published 2007-05-20 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=25272 title Solaris 10 (sparc) : 120272-40 (deprecated) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-456-1.NASL description The SNMP service did not correctly handle TCP disconnects. Remote subagents could cause a denial of service if they dropped a connection at a specific time. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 28054 published 2007-11-10 reporter Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/28054 title Ubuntu 6.06 LTS : net-snmp vulnerability (USN-456-1) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2005-373.NASL description Updated net-snmp packages that fix two security issues and various bugs are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. SNMP (Simple Network Management Protocol) is a protocol used for network management. A denial of service bug was found in the way net-snmp uses network stream protocols. It is possible for a remote attacker to send a net-snmp agent a specially crafted packet which will crash the agent. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2177 to this issue. An insecure temporary file usage bug was found in net-snmp last seen 2020-06-01 modified 2020-06-02 plugin id 21812 published 2006-07-03 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21812 title CentOS 3 : net-snmp (CESA-2005:373) NASL family Solaris Local Security Checks NASL id SOLARIS10_120272-31.NASL description SunOS 5.10: SMA patch. Date this patch was last updated by Sun : Jun/30/11 last seen 2020-06-01 modified 2020-06-02 plugin id 107359 published 2018-03-12 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107359 title Solaris 10 (sparc) : 120272-31 NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2005-395.NASL description Updated net-snmp packages that fix two security issues and various bugs are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. SNMP (Simple Network Management Protocol) is a protocol used for network management. A denial of service bug was found in the way net-snmp uses network stream protocols. It is possible for a remote attacker to send a net-snmp agent a specially crafted packet that will crash the agent. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2177 to this issue. An insecure temporary file usage bug was found in net-snmp last seen 2020-06-01 modified 2020-06-02 plugin id 67027 published 2013-06-29 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67027 title CentOS 4 : net-snmp (CESA-2005:395) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2005-373.NASL description Updated net-snmp packages that fix two security issues and various bugs are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. SNMP (Simple Network Management Protocol) is a protocol used for network management. A denial of service bug was found in the way net-snmp uses network stream protocols. It is possible for a remote attacker to send a net-snmp agent a specially crafted packet which will crash the agent. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2177 to this issue. An insecure temporary file usage bug was found in net-snmp last seen 2020-06-01 modified 2020-06-02 plugin id 19829 published 2005-10-05 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/19829 title RHEL 3 : net-snmp (RHSA-2005:373)
Oval
| accepted | 2013-04-29T04:19:25.889-04:00 | ||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||
| contributors |
| ||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||
| description | snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before 5.1.3, and 5.0.x before 5.0.10.2, when running in master agentx mode, allows remote attackers to cause a denial of service (crash) by causing a particular TCP disconnect, which triggers a free of an incorrect variable, a different vulnerability than CVE-2005-2177. | ||||||||||||||||||||
| family | unix | ||||||||||||||||||||
| id | oval:org.mitre.oval:def:9442 | ||||||||||||||||||||
| status | accepted | ||||||||||||||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||||||||||
| title | snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before 5.1.3, and 5.0.x before 5.0.10.2, when running in master agentx mode, allows remote attackers to cause a denial of service (crash) by causing a particular TCP disconnect, which triggers a free of an incorrect variable, a different vulnerability than CVE-2005-2177. | ||||||||||||||||||||
| version | 26 |
Redhat
| rpms |
|
References
- http://secunia.com/advisories/25114
- http://secunia.com/advisories/25115
- http://secunia.com/advisories/25411
- http://sourceforge.net/tracker/index.php?func=detail&aid=1207023&group_id=12694&atid=112694
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102929-1
- http://www.securityfocus.com/bid/23762
- http://www.ubuntu.com/usn/USN-456-1
- http://www.vupen.com/english/advisories/2007/1944
- https://issues.rpath.com/browse/RPL-1334
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9442