Bug 1072778 (CVE-2014-2285)
Summary: | CVE-2014-2285 net-snmp: snmptrapd crash when using a trap with empty community string | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Huzaifa S. Sidhpurwala <huzaifas> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | jkurik, jsafrane, pfrields, thozza, vkrizan |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2014-03-26 14:49:25 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1072044, 1073224, 1073225 | ||
Bug Blocks: | 1070397 |
Description
Huzaifa S. Sidhpurwala
2014-03-05 08:27:41 UTC
This issue has been assigned CVE-2014-2285 via: http://www.openwall.com/lists/oss-security/2014/03/05/9 This issue was caused by a bug in perl in the way newSVpv() handled NULL as its first argument. The perl version shipped in Red Hat Enterprise Linux 5 crashes when newSVpv() is called with NULL argument. The perl version shipped in Red Hat Enterprise Linux 6 handles NULL values gracefully, and hence net-snmp packages in Red Hat Enterprise Linux 6 are not affected by this problem. References related to the perl bug and its fix: http://www.nntp.perl.org/group/perl.perl5.porters/2006/09/msg116250.html http://perl5.git.perl.org/perl.git/commitdiff/ddfa59c Statement: This issue did not affect the versions of net-snmp as shipped with Red Hat Enterprise Linux 6. This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2014:0322 https://rhn.redhat.com/errata/RHSA-2014-0322.html |