Vulnerability CVE-2014-2310

Vulnerability Name:

CVE-2014-2310 (CCN-91921)

Assigned:

2014-03-14

Published:

2014-03-14

Updated:

2014-04-18

Summary:

The AgentX subagent in Net-SNMP before 5.4.4 allows remote attackers to cause a denial of service (hang) by sending a multi-object request with an Object ID (OID) containing more subids than previous requests, a different vulnerability than CVE-2012-6151.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

CWE-20

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2014-2310

Source: MLIST
Type: UNKNOWN
[oss-security] 20140306 CVE request: net-snmp agentx incorrect handling of multi-object requests DoS

Source: MLIST
Type: UNKNOWN
[oss-security] 20140307 Re: CVE request: net-snmp agentx incorrect handling of multi-object requests DoS

Source: SECUNIA
Type: Vendor Advisory
57870

Source: CONFIRM
Type: UNKNOWN
http://sourceforge.net/p/net-snmp/code/ci/eb816330a1887798d844d2fd5dc6482002123cbd/

Source: CONFIRM
Type: UNKNOWN
http://sourceforge.net/p/net-snmp/patches/1113/

Source: UBUNTU
Type: UNKNOWN
USN-2166-1

Source: CCN
Type: Net-SNMP Web site
Net-SNMP

Source: CCN
Type: BID-66005
Net-SNMP SNMPD Multiple Object Request Handling Denial of Service Vulnerability

Source: CONFIRM
Type: UNKNOWN
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684388

Source: CCN
Type: Red Hat Bugzilla Bug 1074631
CVE-2014-2310 net-snmp: AgentX incorrectly handles multi-object requests leading to DoS

Source: XF
Type: UNKNOWN
netsnmp-cve20142310-dos(91921)

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2014-2310

Vulnerable Configuration:

Configuration 1:

cpe:/a:net-snmp:net-snmp:*:*:*:*:*:*:*:* (Version <= 5.4)

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20142310	V	CVE-2014-2310	2022-05-20
oval:org.opensuse.security:def:26184	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:31696	P	Security update for postgresql10 (Important)	2021-10-20
oval:org.opensuse.security:def:31684	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:32183	P	Security update for gtk-vnc (Moderate)	2021-09-16
oval:org.opensuse.security:def:26112	P	Security update for sssd (Important)	2021-08-30
oval:org.opensuse.security:def:26109	P	Security update for unrar (Moderate)	2021-08-25
oval:org.opensuse.security:def:26103	P	Security update for the Linux Kernel (Important)	2021-08-10
oval:org.opensuse.security:def:32126	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-06-18
oval:org.opensuse.security:def:36487	P	libsnmp15-32bit-5.4.2.1-8.12.22.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:42625	P	libsnmp15-32bit-5.4.2.1-8.12.22.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36218	P	libsnmp15-32bit-5.4.2.1-8.12.22.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:26052	P	Security update for graphviz (Critical)	2021-05-19
oval:org.opensuse.security:def:26048	P	Security update for the Linux Kernel (Important)	2021-05-13
oval:org.opensuse.security:def:26036	P	Security update for MozillaFirefox (Important)	2021-04-27
oval:org.opensuse.security:def:32270	P	Security update for wpa_supplicant (Important)	2021-03-09
oval:org.opensuse.security:def:26193	P	Security update for bind (Important)	2021-02-18
oval:org.opensuse.security:def:26037	P	Security update for the Linux Kernel (Important)	2021-01-15
oval:org.opensuse.security:def:31685	P	Security update for java-1_8_0-ibm (Moderate)	2021-01-05
oval:org.opensuse.security:def:32138	P	Security update for openssh (Moderate)	2021-01-05
oval:org.opensuse.security:def:25975	P	Security update for openssl-1_0_0 (Important)	2020-12-09
oval:org.opensuse.security:def:25971	P	Security update for fontforge (Moderate)	2020-12-04
oval:org.opensuse.security:def:42757	P	libsnmp15-openssl1-32bit-5.4.2.1-8.12.31.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:36350	P	libsnmp15-openssl1-32bit-5.4.2.1-8.12.31.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:26446	P	Security update for kconfig, kdelibs4 (Important)	2020-12-01
oval:org.opensuse.security:def:25779	P	Security update for the SUSE Linux Enterprise 12 kernel (Important)	2020-12-01
oval:org.opensuse.security:def:32294	P	Security update for ppp (Moderate)	2020-12-01
oval:org.opensuse.security:def:27216	P	libsnmp15-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26325	P	Security update for Chromium (Important)	2020-12-01
oval:org.opensuse.security:def:32504	P	emacs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26631	P	postgresql on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32531	P	ipsec-tools on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31828	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:26666	P	amavisd-new on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33313	P	libsnmp15-openssl1-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26344	P	Security update for mbedtls (Moderate)	2020-12-01
oval:org.opensuse.security:def:27450	P	libgpgme-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25767	P	Security update for DirectFB (Important)	2020-12-01
oval:org.opensuse.security:def:32051	P	Security update for kvm (Important)	2020-12-01
oval:org.opensuse.security:def:26543	P	expat on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32438	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:31770	P	Security update for MozillaFirefox, mozilla-nss, mozilla-nspr (Important)	2020-12-01
oval:org.opensuse.security:def:26578	P	lcms on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25911	P	Security update for gstreamer-plugins-base (Low)	2020-12-01
oval:org.opensuse.security:def:32426	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:27348	P	libsnmp15-openssl1-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31816	P	Security update for apport (Moderate)	2020-12-01
oval:org.opensuse.security:def:26462	P	Security update for Mozilla Thunderbird (Important)	2020-12-01
oval:org.opensuse.security:def:32636	P	apache2-mod_php53 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26768	P	libsnmp15-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26240	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:26485	P	Security update for singularity (Moderate)	2020-12-01
oval:org.opensuse.security:def:25843	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:32350	P	Security update for squid (Moderate)	2020-12-01
oval:org.opensuse.security:def:26476	P	Security update for nextcloud (Moderate)	2020-12-01
oval:org.opensuse.security:def:33142	P	libcap-progs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25899	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:26675	P	bzip2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26321	P	Security update for kcoreaddons (Moderate)	2020-12-01
oval:org.opensuse.security:def:32570	P	libtiff3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31902	P	Security update for MozillaFirefox, mozilla-nss (Important)	2020-12-01
oval:org.opensuse.security:def:26715	P	gtk2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26397	P	Security update for plasma5-workspace (Important)	2020-12-01
oval:org.opensuse.security:def:27485	P	libsnmp15-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25768	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:27181	P	libevent-1_4-2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26241	P	Security update for evolution (Moderate)	2020-12-01
oval:org.opensuse.security:def:32460	P	Security update for xorg-x11-libX11 (Important)	2020-12-01
oval:org.opensuse.security:def:32034	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26617	P	nagios on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32482	P	NetworkManager-gnome on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31817	P	Security update for atftp (Important)	2020-12-01
oval:org.opensuse.security:def:26613	P	mono-core on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33274	P	tgt on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26812	P	python-sssd-config on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31994	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:26499	P	Security update for chromium, re2 (Important)	2020-12-01
oval:org.opensuse.security:def:32399	P	Security update for unzip (Moderate)	2020-12-01
oval:org.opensuse.security:def:26529	P	cifs-mount on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33181	P	libsnmp15-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25900	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:27313	P	unzip on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26378	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:32592	P	perl-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26754	P	libneon27 on GA media (Moderate)	2020-12-01
oval:org.mitre.oval:def:25452	P	SUSE-SU-2014:0524-1 -- Security update for net-snmp	2014-09-08
oval:org.mitre.oval:def:24410	P	USN-2166-1 -- net-snmp vulnerabilities	2014-07-07
oval:com.ubuntu.precise:def:20142310000	V	CVE-2014-2310 on Ubuntu 12.04 LTS (precise) - medium.	2014-04-17

BACK