CVE-2012-6151
Published 2013-12-13
Priority: P427 · medium · 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 9.45% (94.8th percentile)
Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, and hang) by causing the AgentX subagent to timeout.
Affected
37 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | mac_os_x | — | — |
| apple | os_x_el_capitan_10.11.1_security_update_2015-004_yosemite_and_security_update_20 | — | — |
| canonical | ubuntu_linux | — | — |
| debian | net-snmp | < net-snmp 5.7.2~dfsg-3 (bookworm) | net-snmp 5.7.2~dfsg-3 (bookworm) |
| debian | net-snmp | < net-snmp 5.7.2.1~dfsg-3 (bookworm) | net-snmp 5.7.2.1~dfsg-3 (bookworm) |
| net-snmp | net-snmp | <= 5.7.1 | — |
| net-snmp | net-snmp | <= 5.4 | — |
| net-snmp | net-snmp | — | — |
CVSS provenance
nvd · v2.0 · 4.3 · MEDIUM · AV:N/AC:M/Au:N/C:N/I:N/A:P
osv · 4.3 · MEDIUM
vendor_debian · 4.3 · LOW
vendor_redhat · 4.3 · MEDIUM
vendor_ubuntu · 4.3 · MEDIUM
Ubuntu
Net-SNMP vulnerabilities
vendor_ubuntu·2014-04-14·CVSS 4.3
CVE-2012-6151 [MEDIUM] Net-SNMP vulnerabilities
Title: Net-SNMP vulnerabilities
Summary: Net-SNMP could be made to crash if it received specially crafted network
traffic.
Ken Farnen discovered that Net-SNMP incorrectly handled AgentX timeouts. A
remote attacker could use this issue to cause the server to crash or to
hang, resulting in a denial of service. (CVE-2012-6151)
It was discovered that the Net-SNMP ICMP-MIB incorrectly validated input. A
remote attacker could use this issue to cause the server to crash,
resulting in a denial of service. This issue only affected Ubuntu 13.10.
(CVE-2014-2284)
Viliam Púčik discovered that the Net-SNMP perl trap handler incorrectly
handled NULL arguments. A remote attacker could use this issue to cause the
server to crash, resulting in a denial of service. (CVE-2014-2285)
It was discovered that
Red Hat
net-snmp: AgentX incorrectly handles multi-object requests leading to DoS
vendor_redhat·2014-03-06·CVSS 4.3
CVE-2014-2310 [MEDIUM] net-snmp: AgentX incorrectly handles multi-object requests leading to DoS
The AgentX subagent in Net-SNMP before 5.4.4 allows remote attackers to cause a denial of service (hang) by sending a multi-object request with an Object ID (OID) containing more subids than previous requests, a different vulnerability than CVE-2012-6151.
Package: net-snmp (Red Hat Enterprise Linux 5) - Not affected
Package: net-snmp (Red Hat Enterprise Linux 6) - Not affected
Package: net-snmp (Red Hat Enterprise Linux 7) - Not affected
Debian
CVE-2014-2310: net-snmp - The AgentX subagent in Net-SNMP before 5.4.4 allows remote attackers to cause a ...
vendor_debian·2014·CVSS 4.3
CVE-2014-2310 [MEDIUM] CVE-2014-2310: net-snmp - The AgentX subagent in Net-SNMP before 5.4.4 allows remote attackers to cause a ...
The AgentX subagent in Net-SNMP before 5.4.4 allows remote attackers to cause a denial of service (hang) by sending a multi-object request with an Object ID (OID) containing more subids than previous requests, a different vulnerability than CVE-2012-6151.
Scope: local
bookworm: resolved (fixed in 5.7.2~dfsg-3)
bullseye: resolved (fixed in 5.7.2~dfsg-3)
forky: resolved (fixed in 5.7.2~dfsg-3)
sid: resolved (fixed in 5.7.2~dfsg-3)
trixie: resolved (fixed in 5.7.2~dfsg-3)
Red Hat
net-snmp: snmpd crashes/hangs when AgentX subagent times-out
vendor_redhat·2012-09-05·CVSS 4.3
CVE-2012-6151 [MEDIUM] net-snmp: snmpd crashes/hangs when AgentX subagent times-out
Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, and hang) by causing the AgentX subagent to timeout.
Package: net-snmp (Red Hat Enterprise Linux 7) - Not affected
Debian
CVE-2012-6151: net-snmp - Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and proce...
vendor_debian·2012·CVSS 4.3
CVE-2012-6151 [MEDIUM] CVE-2012-6151: net-snmp - Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and proce...
Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, and hang) by causing the AgentX subagent to timeout.
Scope: local
bookworm: resolved (fixed in 5.7.2.1~dfsg-3)
bullseye: resolved (fixed in 5.7.2.1~dfsg-3)
forky: resolved (fixed in 5.7.2.1~dfsg-3)
sid: resolved (fixed in 5.7.2.1~dfsg-3)
trixie: resolved (fixed in 5.7.2.1~dfsg-3)
Apple
CVE-2012-6151: OS X El Capitan 10.11.1, Security Update 2015-004 Yosemite, and Security Update 2015-007 Mavericks
vendor_apple·CVSS 4.3
CVE-2012-6151 [MEDIUM] CVE-2012-6151: OS X El Capitan 10.11.1, Security Update 2015-004 Yosemite, and Security Update 2015-007 Mavericks
Apple Security Update: About the security content of OS X El Capitan 10.11.1, Security Update 2015-004 Yosemite, and Security Update 2015-007 Mavericks
Product: OS X El Capitan 10.11.1, Security Update 2015-004 Yosemite, and Security Update 2015-007 Mavericks
CVE: CVE-2012-6151
Component: CVE-2012-6151
GHSA
GHSA-mv75-h3qp-gpmf: Net-SNMP 5
ghsa_unreviewed·2022-05-17
CVE-2012-6151 [MEDIUM] GHSA-mv75-h3qp-gpmf: Net-SNMP 5
Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, and hang) by causing the AgentX subagent to timeout.
GHSA
GHSA-7x87-wr85-45rj: The AgentX subagent in Net-SNMP before 5
ghsa_unreviewed·2022-05-17·CVSS 4.3
CVE-2014-2310 [MEDIUM] CWE-20 GHSA-7x87-wr85-45rj: The AgentX subagent in Net-SNMP before 5
The AgentX subagent in Net-SNMP before 5.4.4 allows remote attackers to cause a denial of service (hang) by sending a multi-object request with an Object ID (OID) containing more subids than previous requests, a different vulnerability than CVE-2012-6151.
OSV
CVE-2014-2310: The AgentX subagent in Net-SNMP before 5
osv·2014-04-17·CVSS 4.3
CVE-2014-2310 [MEDIUM] CVE-2014-2310: The AgentX subagent in Net-SNMP before 5
The AgentX subagent in Net-SNMP before 5.4.4 allows remote attackers to cause a denial of service (hang) by sending a multi-object request with an Object ID (OID) containing more subids than previous requests, a different vulnerability than CVE-2012-6151.
OSV
CVE-2012-6151: Net-SNMP 5
osv·2013-12-13·CVSS 4.3
CVE-2012-6151 [MEDIUM] CVE-2012-6151: Net-SNMP 5
Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, and hang) by causing the AgentX subagent to timeout.
No detection rules found.
References
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html
http://seclists.org/oss-sec/2013/q4/398
http://seclists.org/oss-sec/2013/q4/415
http://secunia.com/advisories/55804
http://secunia.com/advisories/57870
http://secunia.com/advisories/59974
http://sourceforge.net/p/net-snmp/bugs/2411/
http://www.gentoo.org/security/en/glsa/glsa-201409-02.xml
http://www.securityfocus.com/bid/64048
http://www.ubuntu.com/usn/USN-2166-1
https://bugzilla.redhat.com/show_bug.cgi?id=1038007
https://exchange.xforce.ibmcloud.com/vulnerabilities/89485
https://rhn.redhat.com/errata/RHSA-2014-0322.html
https://support.apple.com/HT205375