Executive Summary

Informations
Name CVE-2014-2310 First vendor Publication 2014-04-17
Vendor Cve Last vendor Modification 2014-04-18

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score 5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The AgentX subagent in Net-SNMP before 5.4.4 allows remote attackers to cause a denial of service (hang) by sending a multi-object request with an Object ID (OID) containing more subids than previous requests, a different vulnerability than CVE-2012-6151.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2310

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-20 Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:24410
 
Oval ID: oval:org.mitre.oval:def:24410
Title: USN-2166-1 -- net-snmp vulnerabilities
Description: Net-SNMP could be made to crash if it received specially crafted network traffic.
Family: unix Class: patch
Reference(s): USN-2166-1
CVE-2012-6151
CVE-2014-2284
CVE-2014-2285
CVE-2014-2310
 Version: 5
Platform(s): Ubuntu 13.10
Ubuntu 12.10
Ubuntu 12.04
Ubuntu 10.04
 Product(s): net-snmp
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25452
 
Oval ID: oval:org.mitre.oval:def:25452
Title: SUSE-SU-2014:0524-1 -- Security update for net-snmp
Description: The net-snmp remote service received security and bugfixes: * A remote denial of service flaw in Linux implementation of ICMP-MIB has been fixed (CVE-2014-2284) * snmptrapd could have crashed when using a trap with empty community string. This has been fixed. (CVE-2014-2285) * The AgentX subagent of net-snmp could have been stalled when a manager sent a multi-object request with a different number of subids. (CVE-2014-2310)
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0524-1
CVE-2014-2284
CVE-2014-2285
CVE-2014-2310
 Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
 Product(s): net-snmp
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 26

Nessus® Vulnerability Scanner

Date Description
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_net-snmp_20140915.nasl - Type : ACT_GATHER_INFO
2014-04-15 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libsnmp15-140314.nasl - Type : ACT_GATHER_INFO
2014-04-15 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2166-1.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
CONFIRM http://sourceforge.net/p/net-snmp/code/ci/eb816330a1887798d844d2fd5dc64820021...
http://sourceforge.net/p/net-snmp/patches/1113/
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684388
MLIST http://seclists.org/oss-sec/2014/q1/513
http://seclists.org/oss-sec/2014/q1/527
SECUNIA http://secunia.com/advisories/57870
UBUNTU http://ubuntu.com/usn/usn-2166-1

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
Date Informations
2021-05-05 01:14:54
  • Multiple Updates
2021-05-04 12:30:58
  • Multiple Updates
2021-04-22 01:37:28
  • Multiple Updates
2020-05-23 01:51:39
  • Multiple Updates
2020-05-23 00:40:30
  • Multiple Updates
2016-04-27 00:33:59
  • Multiple Updates
2015-01-21 13:26:47
  • Multiple Updates
2014-04-19 13:24:42
  • Multiple Updates
2014-04-18 13:26:37
  • First insertion