Cloud Foundry | CFOUNDRY:4F43D8E6BFF265B4800460FBD8EF85B5
Oct 07, 2015 - 12:00 a.m.

USN-2711-1 Net-SNMP Vulnerabilities | Cloud Foundry

2015-10-07 00:00:00
Cloud Foundry
www.cloudfoundry.org

CVSS2: 7.5 High

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
  • Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.075 Low (Percentile: 94.0%)

USN-2711-1 Net-SNMP Vulnerabilities

Severity

Low to Medium

Vendor

Canonical Ubuntu

Versions Affected

  • libsnmp30 5.7.2~dfsg-8.1ubuntu3.1

Description

Net-SNMP could be made to crash or run programs if it received specially crafted network traffic. It was discovered that Net-SNMP incorrectly handled certain trap messages when the -OQ option was used. A remote attacker could use this issue to cause Net-SNMP to crash, resulting in a denial of service. (CVE-2014-3565)

Qinghao Tang discovered that Net-SNMP incorrectly handled SNMP PDU parsing failures. A remote attacker could use this issue to cause Net-SNMP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-5621)

Affected Products and Versions

_Severity is low unless otherwise noted._

  • Cloud Foundry Runtime: all versions of cf-release prior to 219 are vulnerable to the aforementioned CVEs.
  • PHP Buildpack v1.4.1 and earlier are vulnerable.

Mitigation

Users of affected versions should apply the following mitigation:

  • The Cloud Foundry project recommends that Cloud Foundry Deployments using cf-release 218 or lower upgrade to 219 or higher to resolve the aforementioned CVEs.

Credit

Unknown
