Vulnerability Description
Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, and hang) by causing the AgentX subagent to timeout.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Mac Os X | 10.11.0 |
| Canonical | Ubuntu Linux | 10.04 |
| Net-Snmp | Net-Snmp | <= 5.7.1 |
Related Weaknesses (CWE)
References
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html
- http://seclists.org/oss-sec/2013/q4/398
- http://seclists.org/oss-sec/2013/q4/415
- http://secunia.com/advisories/55804
- http://secunia.com/advisories/57870
- http://secunia.com/advisories/59974
- http://sourceforge.net/p/net-snmp/bugs/2411/Exploit
- http://www.gentoo.org/security/en/glsa/glsa-201409-02.xml
- http://www.securityfocus.com/bid/64048Exploit
- http://www.ubuntu.com/usn/USN-2166-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1038007
- https://exchange.xforce.ibmcloud.com/vulnerabilities/89485
- https://rhn.redhat.com/errata/RHSA-2014-0322.html
- https://support.apple.com/HT205375
FAQ
What is CVE-2012-6151?
CVE-2012-6151 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, a...
How severe is CVE-2012-6151?
CVE-2012-6151 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-6151?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Mac Os X, Canonical Ubuntu Linux, Net-Snmp Net-Snmp.