Security Advisory

USN-2711-1 Net-SNMP Vulnerabilities

Severity

Low to Medium

Vendor

Canonical Ubuntu

Versions Affected

  • libsnmp30 5.7.2~dfsg-8.1ubuntu3.1

Description

Net-SNMP could be made to crash or run programs if it received specially crafted network traffic. It was discovered that Net-SNMP incorrectly handled certain trap messages when the -OQ option was used. A remote attacker could use this issue to cause Net-SNMP to crash, resulting in a denial of service. (CVE-2014-3565)

Qinghao Tang discovered that Net-SNMP incorrectly handled SNMP PDU parsing failures. A remote attacker could use this issue to cause Net-SNMP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-5621)

Affected Products and Versions

Severity is low unless otherwise noted.

  • Cloud Foundry Runtime: all versions of cf-release prior to 219 are vulnerable to the aforementioned CVEs.
  • PHP Buildpack v1.4.1 and earlier are vulnerable.
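To check whether a host still carries the affected libsnmp30 build listed above, here is an added example (not part of this advisory or of Cloud Foundry's tooling) that reproduces dpkg's version ordering in Python. It assumes the listed build is the last affected one, so any build sorting after it is treated as fixed; the constant and function names are my own.

```python
import itertools
import re

# Added example, not Cloud Foundry tooling: order Debian/Ubuntu package versions
# the way dpkg does (Debian Policy 5.6.12), so an installed libsnmp30 build can
# be compared with the affected build named in this advisory.
AFFECTED_LIBSNMP30 = "5.7.2~dfsg-8.1ubuntu3.1"  # listed in the advisory

def _order(c):
    # '~' sorts before everything, even end of string; letters before non-letters.
    return -1 if c == "~" else 0 if c == "" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Alternate non-digit runs (character order) and digit runs (numeric order).
    while a or b:
        sa, sb = re.match(r"\D*", a).group(0), re.match(r"\D*", b).group(0)
        a, b = a[len(sa):], b[len(sb):]
        for x, y in itertools.zip_longest(sa, sb, fillvalue=""):
            if _order(x) != _order(y):
                return -1 if _order(x) < _order(y) else 1
        da, db = re.match(r"\d*", a).group(0), re.match(r"\d*", b).group(0)
        a, b = a[len(da):], b[len(db):]
        na, nb = int(da or 0), int(db or 0)
        if na != nb:
            return -1 if na < nb else 1
    return 0

def _split(v):
    # Form is [epoch:]upstream[-revision]; the revision follows the last hyphen.
    epoch, colon, rest = v.partition(":")
    if not colon:
        epoch, rest = "0", v
    upstream, dash, revision = rest.rpartition("-")
    if not dash:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision

def compare_versions(v1, v2):
    """Return -1, 0 or 1 with the same ordering as dpkg --compare-versions."""
    e1, u1, r1 = _split(v1)
    e2, u2, r2 = _split(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_part(u1, u2) or _cmp_part(r1, r2)

def libsnmp30_affected(installed):
    # Assumption: the build listed in the advisory is the last affected one,
    # so anything sorting after it is treated as carrying the fix.
    return compare_versions(installed, AFFECTED_LIBSNMP30) <= 0
```

Feed it the version from `dpkg-query -W -f '${Version}' libsnmp30` on the host being checked; note that `~` makes `5.7.2~dfsg` sort before `5.7.2`, which is why a naive string comparison is not enough.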

Mitigation

Users of affected versions should apply the following mitigation:

  • The Cloud Foundry project recommends that Cloud Foundry Deployments using cf-release 218 or lower upgrade to 219 or higher to resolve the aforementioned CVEs.

Credit

Unknown

References

Author

Cloud Foundry Foundation Security Team