3 matches found
CVE-2020-6060
Mini-SNMPD 1.4 is affected by a stack-based buffer overflow when handling multiple connections due to flawed socket list cleanup that can leave a -1 fd and trigger a process crash via FD_SET in select loops. TALOS advisories detail an exploit path and crash conditions, confirming the vulnerabilit...
Vulnerability Spotlight: Denial-of-service, information leak bugs in Mini-SNMPD
Aleksandar Nikolic of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Multiple vulnerabilities exist in Mini-SNMPD, a lightweight implementation of a Simple Network Management Protocol server. An attacker can exploit these bugs by providing a specially crafted SNMPD request to...
Mini-SNMPD socket disconnect denial-of-service vulnerability
Talos Vulnerability Report TALOS-2019-0977 Mini-SNMPD socket disconnect denial-of-service vulnerability February 3, 2020 CVE Number CVE-2020-6060 Summary A stack buffer overflow vulnerability exists in the way MiniSNMPD version 1.4 handles multiple connections. A specially timed sequence of SNMP...