Vulnerability Details CVE-2012-6151
Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, and hang) by causing the AgentX subagent to timeout.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.222
EPSS Ranking 95.4%
CVSS Severity
CVSS v2 Score 4.3
References
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html
- http://seclists.org/oss-sec/2013/q4/398
- http://seclists.org/oss-sec/2013/q4/415
- http://secunia.com/advisories/55804
- http://secunia.com/advisories/57870
- http://secunia.com/advisories/59974
- http://sourceforge.net/p/net-snmp/bugs/2411/
- http://www.gentoo.org/security/en/glsa/glsa-201409-02.xml
- http://www.securityfocus.com/bid/64048
- http://www.ubuntu.com/usn/USN-2166-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1038007
- https://exchange.xforce.ibmcloud.com/vulnerabilities/89485
- https://rhn.redhat.com/errata/RHSA-2014-0322.html
- https://support.apple.com/HT205375
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html
- http://seclists.org/oss-sec/2013/q4/398
- http://seclists.org/oss-sec/2013/q4/415
- http://secunia.com/advisories/55804
- http://secunia.com/advisories/57870
- http://secunia.com/advisories/59974
- http://sourceforge.net/p/net-snmp/bugs/2411/
- http://www.gentoo.org/security/en/glsa/glsa-201409-02.xml
- http://www.securityfocus.com/bid/64048
- http://www.ubuntu.com/usn/USN-2166-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1038007
- https://exchange.xforce.ibmcloud.com/vulnerabilities/89485
- https://rhn.redhat.com/errata/RHSA-2014-0322.html
- https://support.apple.com/HT205375
Products affected by CVE-2012-6151
-
cpe:2.3:a:net-snmp:net-snmp:5.0
-
cpe:2.3:a:net-snmp:net-snmp:5.0.1
-
cpe:2.3:a:net-snmp:net-snmp:5.0.2
-
cpe:2.3:a:net-snmp:net-snmp:5.0.3
-
cpe:2.3:a:net-snmp:net-snmp:5.0.4
-
cpe:2.3:a:net-snmp:net-snmp:5.0.5
-
cpe:2.3:a:net-snmp:net-snmp:5.0.6
-
cpe:2.3:a:net-snmp:net-snmp:5.0.7
-
cpe:2.3:a:net-snmp:net-snmp:5.0.8
-
cpe:2.3:a:net-snmp:net-snmp:5.0.9
-
cpe:2.3:a:net-snmp:net-snmp:5.1
-
cpe:2.3:a:net-snmp:net-snmp:5.1.2
-
cpe:2.3:a:net-snmp:net-snmp:5.2
-
cpe:2.3:a:net-snmp:net-snmp:5.3
-
cpe:2.3:a:net-snmp:net-snmp:5.3.0.1
-
cpe:2.3:a:net-snmp:net-snmp:5.4
-
cpe:2.3:a:net-snmp:net-snmp:5.4.2.1
-
cpe:2.3:a:net-snmp:net-snmp:5.5
-
cpe:2.3:a:net-snmp:net-snmp:5.6
-
cpe:2.3:a:net-snmp:net-snmp:5.7
-
cpe:2.3:a:net-snmp:net-snmp:5.7.1
-
cpe:2.3:o:apple:mac_os_x:10.11.0
-
cpe:2.3:o:canonical:ubuntu_linux:10.04
-
cpe:2.3:o:canonical:ubuntu_linux:12.04
-
cpe:2.3:o:canonical:ubuntu_linux:12.10
-
cpe:2.3:o:canonical:ubuntu_linux:13.10